Bugtraq mailing list archives
Re: Internet Worm
From: jim () Tadpole COM (jim () Tadpole COM)
Date: Tue, 18 Oct 1994 16:57:11 -0500
I think you will find that Sun put a double lookup into gethostbyaddr(), to prevent spoofing. This of course goes against the Unix spirit of 'do one thing only, but do it well'. This double lookup can be enabled with the resolv+ library by using the 'nospoof' command in its configuration file.
I think that you will find that you are wrong, and the reverse lookup actually happens in ypserv, specificly in the part that looks up addresses via the DNS, not the routine in libc. If you still think I'm wrong, I invite you to disassemble gethostent.o from libc.a and take a look for anything that might be code that does a reverse lookup. The comments about 'nospoof' and resolv+ are accurate. Jim
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm David Miller (Oct 17)
- PLEASE UNSUBSCRIBE Vatsal P. Sonecha (Oct 17)
- Re: Internet Worm Fred Kuhns (Oct 18)
- Internet Worm Source Code Michael S. Hines (Oct 17)
- rhosts (+ REQUEST SNMP bug) James Seng (Oct 17)
- Re: Internet Worm George Hodson (Oct 17)
- Re: Internet Worm Mark W. Eichin (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm Icarus Sparry (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
- Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
- Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
- Re: R utilities, addresses, etc. Charles Howes (Oct 21)
- Fingerd Summary Adam Shostack (Oct 20)
- R utilities, addresses, etc. Charles Howes (Oct 20)