Bugtraq mailing list archives
Re: ProFTPd and reverse DNS
From: "Michael S. Fischer" <michael () dynamine net>
Date: Fri, 7 Sep 2001 17:16:14 -0700
On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S . Hallacy wrote:
Recently while browsing through security logs I noticed that quite a few of the hosts connecting to the machine did not resolve, I've checked into it, and apparently ProFTPd does not check forward to reverse DNS mappings, and only resolves the IP address connecting. This could easily lead to an attacker hiding his real hostname from logfiles, or an attacker slipping through ACL's by modifying their hostname. For the time being I recommend that the option 'UseReverseDNS' be disabled in the configuration file until this is fixed.
Another potentially useful workaround is to configure ProFTPd to run out of inetd, using TCP Wrappers to enforce paranoid DNS checks. This way you can have your cake and eat it too. Running ProFTPd out of inetd, while slower than running it in standalone mode without DNS lookups activated, is still going to be faster than running it in standalone mode with DNS lookups activated. -- Michael S. Fischer / michael at dynamine.net / +1 650-533-4684 Lead Hacketeer, Dynamine Consulting, Silicon Valley, CA
Current thread:
- ProFTPd and reverse DNS Matthew S . Hallacy (Sep 07)
- Re: ProFTPd and reverse DNS Michael S. Fischer (Sep 07)
- Re: ProFTPd and reverse DNS Noah (Sep 08)
- Re: ProFTPd and reverse DNS Krzysztof Halasa (Sep 08)
- Re: ProFTPd and reverse DNS The Flying Hamster (Sep 08)
- Re: ProFTPd and reverse DNS Peter van Dijk (Sep 08)
- RE: ProFTPd and reverse DNS Jeroen Massar (Sep 08)
- Re: ProFTPd and reverse DNS Karsten W. Rohrbach (Sep 11)
- Re: ProFTPd and reverse DNS Michael S. Fischer (Sep 07)