Bugtraq mailing list archives

Re: Internet Worm

From: jim () Tadpole COM (jim () Tadpole COM)
Date: Tue, 18 Oct 1994 16:57:11 -0500

I think you will find that Sun put a double lookup into
gethostbyaddr(), to prevent spoofing. This of course goes against
the Unix spirit of 'do one thing only, but do it well'. This double
lookup can be enabled with the resolv+ library by using the
'nospoof' command in its configuration file.


I think that you will find that you are wrong, and the reverse lookup
actually happens in ypserv, specificly in the part that looks up
addresses via the DNS, not the routine in libc.  If you still think
I'm wrong, I invite you to disassemble gethostent.o from libc.a and
take a look for anything that might be code that does a reverse lookup.

The comments about 'nospoof' and resolv+ are accurate.

Jim

Current thread:

Re: Internet Worm, (continued)
- - - Re: Internet Worm David Miller (Oct 17)
    - PLEASE UNSUBSCRIBE Vatsal P. Sonecha (Oct 17)
    - Re: Internet Worm Fred Kuhns (Oct 18)
  - Internet Worm Source Code Michael S. Hines (Oct 17)
  - rhosts (+ REQUEST SNMP bug) James Seng (Oct 17)
- Re: Internet Worm George Hodson (Oct 17)
- Re: Internet Worm Mark W. Eichin (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
  - Re: Internet Worm Icarus Sparry (Oct 18)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
  - Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
  - R utilities, addresses, etc. Charles Howes (Oct 20)
    - Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
    - Re: R utilities, addresses, etc. Charles Howes (Oct 21)
    - Fingerd Summary Adam Shostack (Oct 20)

(Thread continues...)