Re: ProFTPd and reverse DNS

From: Michael S. Fischer (michael@dynamine.net)
Date: 09/08/01


Date: Fri, 7 Sep 2001 17:16:14 -0700
From: "Michael S. Fischer" <michael@dynamine.net>
To: "Matthew S . Hallacy" <poptix@techmonkeys.org>
Subject: Re: ProFTPd and reverse DNS
Message-ID: <20010907171614.A23062@dynamine.net>

On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S . Hallacy wrote:

> Recently while browsing through security logs I noticed that quite a
> few of the hosts connecting to the machine did not resolve, I've
> checked into it, and apparently ProFTPd does not check forward to
> reverse DNS mappings, and only resolves the IP address connecting.
> This could easily lead to an attacker hiding his real hostname from
> logfiles, or an attacker slipping through ACL's by modifying their
> hostname. For the time being I recommend that the option
> 'UseReverseDNS' be disabled in the configuration file until this is
> fixed.

Another potentially useful workaround is to configure ProFTPd to run out
of inetd, using TCP Wrappers to enforce paranoid DNS checks. This way
you can have your cake and eat it too.

Running ProFTPd out of inetd, while slower than running it in standalone
mode without DNS lookups activated, is still going to be faster than
running it in standalone mode with DNS lookups activated.

-- 
Michael S. Fischer / michael at dynamine.net / +1 650-533-4684
Lead Hacketeer, Dynamine Consulting, Silicon Valley, CA