Bugtraq mailing list archives
Re: Internet Worm
From: seeger () cis ufl edu (F. L. Charles Seeger III)
Date: Wed, 19 Oct 1994 11:47:35 -0400
+------ jim () Tadpole COM wrote (Tue, 18-Oct-94, 16:57 -0500):
| > I think you will find that Sun put a double lookup into
| > gethostbyaddr(), to prevent spoofing. This of course goes against
| > the Unix spirit of 'do one thing only, but do it well'. This double
| > lookup can be enabled with the resolv+ library by using the
| > 'nospoof' command in its configuration file.
|
| I think that you will find that you are wrong, and the reverse lookup
| actually happens in ypserv, specifically in the part that looks up
| addresses via the DNS, not the routine in libc. If you still think
| I'm wrong, I invite you to disassemble gethostent.o from libc.a and
| take a look for anything that might be code that does a reverse lookup.

No, the previous poster, Icarus Sparry <ccsis () bath ac uk>, is correct,
though there appears to be a little confusion over where these changes
actually reside.

+------ jim () Tadpole COM wrote (Tue, 18-Oct-94, 13:57 -0500):
| Sun (at least in SunOS 4) didn't do any "mucking about" with
| libresolv and YP in libc. ypserv(e) is responsible for
| consulting the DNS, if the NIS maps (host.byname/byaddr) are
| set up with a special key/value pair.

There is no libresolv in libc as delivered off Sun's distribution media.
Sun did "muck about" with libresolv, and Sun did provide instructions on
placing these same routines in the shared version of libc. The YP calls
either are no different than reading the host table, where the forward
and reverse lookups are guaranteed to match (short of a significant YP
failure). So, this is a degenerate case of no interest. When ypserv does
DNS lookups on behalf of its clients with the -b hack, it is using
libresolv, so this case also involves Sun's mucking. QED.

Regards,
Chuck
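The double lookup debated in this message, as an added example that is not part of the original post and is not Sun's or resolv+'s code: a reverse (PTR) answer is accepted only if the forward (A) records for the returned name include the original address. The record tables, addresses, and the function names `lookup_ptr` and `checked_hostbyaddr` are constructed for illustration and stand in for real resolver queries.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Constructed sample records (documentation addresses, not real hosts). */
struct rec { const char *key; const char *val; };
/* Reverse zone: whoever owns the address block controls these answers. */
static const struct rec ptr_tab[] = {
    { "192.0.2.10", "trusted.example.com" },
    { "192.0.2.20", "multi.example.com"   },
    { "192.0.2.66", "trusted.example.com" },  /* forged PTR */
};
/* Forward zone: controlled by the owner of example.com. */
static const struct rec a_tab[] = {
    { "trusted.example.com", "192.0.2.10" },
    { "multi.example.com",   "192.0.2.21" },
    { "multi.example.com",   "192.0.2.20" },
};
#define COUNT(t) (sizeof(t) / sizeof((t)[0]))

/* Single reverse lookup: returns whatever name the PTR record claims. */
const char *lookup_ptr(const char *addr)
{
    for (size_t i = 0; i < COUNT(ptr_tab); i++)
        if (strcmp(ptr_tab[i].key, addr) == 0)
            return ptr_tab[i].val;
    return NULL;
}

/* Double lookup: accept the PTR name only if one of that name's
 * forward (A) records is the address we started from. */
const char *checked_hostbyaddr(const char *addr)
{
    const char *name = lookup_ptr(addr);
    if (name == NULL) return NULL;
    for (size_t i = 0; i < COUNT(a_tab); i++)
        if (strcasecmp(a_tab[i].key, name) == 0 &&
            strcmp(a_tab[i].val, addr) == 0)
            return name;
    return NULL;  /* forward and reverse data disagree: treat as spoofed */
}

int main(void)
{
    const char *peers[] = { "192.0.2.10", "192.0.2.20", "192.0.2.66" };
    for (size_t i = 0; i < 3; i++) {
        const char *n = checked_hostbyaddr(peers[i]);
        printf("%s -> %s\n", peers[i], n ? n : "(rejected)");
    }
    return 0;
}
```

The forged entry shows why address-based trust checks (such as the r-utilities' host matching) need the second query: the single lookup returns the trusted name for 192.0.2.66, while the double lookup rejects it.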