Re: ProFTPd and reverse DNSFrom: Michael S. Fischer (email@example.com)
- Previous message: Matthew S . Hallacy: "ProFTPd and reverse DNS"
- In reply to: Matthew S . Hallacy: "ProFTPd and reverse DNS"
- Next in thread: Noah: "Re: ProFTPd and reverse DNS"
- Reply: Noah: "Re: ProFTPd and reverse DNS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 7 Sep 2001 17:16:14 -0700 From: "Michael S. Fischer" <firstname.lastname@example.org> To: "Matthew S . Hallacy" <email@example.com> Subject: Re: ProFTPd and reverse DNS Message-ID: <20010907171614.A23062@dynamine.net>
On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S . Hallacy wrote:
> Recently while browsing through security logs I noticed that quite a
> few of the hosts connecting to the machine did not resolve, I've
> checked into it, and apparently ProFTPd does not check forward to
> reverse DNS mappings, and only resolves the IP address connecting.
> This could easily lead to an attacker hiding his real hostname from
> logfiles, or an attacker slipping through ACL's by modifying their
> hostname. For the time being I recommend that the option
> 'UseReverseDNS' be disabled in the configuration file until this is
Another potentially useful workaround is to configure ProFTPd to run out
of inetd, using TCP Wrappers to enforce paranoid DNS checks. This way
you can have your cake and eat it too.
Running ProFTPd out of inetd, while slower than running it in standalone
mode without DNS lookups activated, is still going to be faster than
running it in standalone mode with DNS lookups activated.
-- Michael S. Fischer / michael at dynamine.net / +1 650-533-4684 Lead Hacketeer, Dynamine Consulting, Silicon Valley, CA