On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S. Hallacy wrote:
> Howdy,
>
> Recently while browsing through security logs I noticed that quite a few of the hosts
> connecting to the machine did not resolve, I've checked into it, and apparently ProFTPd does
> not check forward to reverse DNS mappings, and only resolves the IP address connecting. This
> could easily lead to an attacker hiding his real hostname from logfiles, or an attacker
> slipping through ACL's by modifying their hostname. For the time being I recommend that the
> option 'UseReverseDNS' be disabled in the configuration file until this is fixed.

I note that other people are recommending mod_wrap and inetd mode, I would
also caution against relying on rDNS anyway.

> Unfortunately I was not able to contact anyone to discuss this, as www.proftpd.org has been
> down for the past 4-5 days that I've tried it, the version tested
> was 1.2.2rc2.

It has? News to me. For the record there are a significant number of
mirror sites which conform to the www.<isocode>.proftpd.org naming scheme
(we cover about 26 countries now).

Bugs should be reported via http://bugs.proftpd.org/
Security issues: securityat_private
Core team: coreat_private (please only use this for issues which aren't
appropriate to the mailing lists, security alias or the bug system).

If you can raise a bug on this issue via the bugzilla interface I would
appreciate it.

Mark

--
The Flying Hamster <hamsterat_private> http://hamster.wibble.org/
I'm not a complete idiot, some parts are missing!
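
The forward-confirmed reverse DNS check that the quoted report describes as missing, shown as an added example (not part of the original message and not ProFTPD code). The function names and the sample addresses and hostnames are constructed for illustration; the resolvers are injectable so the check can be exercised offline.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns candidate hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def verified_hostname(ip, reverse=system_reverse, forward=system_forward):
    """Return a PTR name only if it resolves forward to `ip`, else None."""
    peer = ipaddress.ip_address(ip)
    for name in reverse(ip):
        for addr in forward(name):
            try:
                # Strip any IPv6 scope id before comparing parsed addresses.
                if ipaddress.ip_address(addr.split("%")[0]) == peer:
                    return name.rstrip(".").lower()
            except ValueError:
                continue  # resolver returned something that is not an address
    return None

def log_identity(ip, **resolvers):
    """What to write to the log: verified name plus IP, or the IP alone."""
    name = verified_hostname(ip, **resolvers)
    return f"{name} [{ip}]" if name else f"UNVERIFIED [{ip}]"

# Constructed sample data (documentation address ranges, invented names).
PTR = {"192.0.2.10": ["ftp-client.example.net"],
       "198.51.100.7": ["trusted.example.org"],   # PTR set by the peer's own zone
       "203.0.113.5": []}                         # no PTR record at all
A = {"ftp-client.example.net": ["192.0.2.10"],
     "trusted.example.org": ["192.0.2.99"]}       # the real host lives elsewhere

def fake_reverse(ip): return PTR.get(ip, [])
def fake_forward(name): return A.get(name, [])
```

Logging the IP address alongside the name in every case keeps the record usable even when the name cannot be confirmed, and hostname-based ACLs should be evaluated only against the verified name.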