Re: ProFTPd and reverse DNS
From: Karsten W. Rohrbach (karsten@rohrbach.de)
Date: 09/11/01
- In reply to: Matthew S . Hallacy: "ProFTPd and reverse DNS"
Date: Tue, 11 Sep 2001 20:13:38 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: "Matthew S . Hallacy" <poptix@techmonkeys.org>
Subject: Re: ProFTPd and reverse DNS
Message-ID: <20010911201338.H48914@mail.webmonster.de>

Matthew S . Hallacy(poptix@techmonkeys.org)@2001.09.07 15:38:27 +0000:
> Howdy,
>
> Recently while browsing through security logs I noticed that quite a few of the hosts
> connecting to the machine did not resolve, I've checked into it, and apparently ProFTPd does
> not check forward to reverse DNS mappings, and only resolves the IP address connecting. This
> could easily lead to an attacker hiding his real hostname from logfiles, or an attacker
> slipping through ACLs by modifying their hostname. For the time being I recommend that the
> option 'UseReverseDNS' be disabled in the configuration file until this is fixed.
>
> Unfortunately I was not able to contact anyone to discuss this, as www.proftpd.org has been
> down for the past 4-5 days that I've tried it, the version tested was 1.2.2rc2.
if you happen to run an inetd-capable ftp daemon, use tcpserver as a
frontend [http://cr.yp.to/ucspi-tcp.html] which allows you to do very
paranoid checking and also good logging (with multilog of the
daemontools package).
you might check the -p option to tcpserver, as well as the magic rules
for tcprules files (acl files) for it. together with the -p option to
tcpserver and the lines

    =:allow
    :deny

in your tcprules file, you drop not reverse resolvable addresses. do not
do this for anon ftp servers.
rule explanations at [http://cr.yp.to/ucspi-tcp/tcprules.html]
cheers,
/k
--
> Yes, it is inconvenient. Security and convenience are usually mutually
> exclusive concepts. --Erik Trulsson on freebsd-stable, Jun 2001
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
- application/pgp-signature attachment: stored
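
The forward-to-reverse check discussed in this thread, and the effect of tcpserver's -p option combined with the two tcprules lines, sketched as an added example; it is not part of the original message and is not code from ProFTPd or ucspi-tcp. The function names, the injectable resolver parameters and the sample DNS data are assumptions constructed for the illustration.

```python
import ipaddress
import socket

def _ptr(ip):
    # Reverse lookup: IP -> name (PTR record).
    return socket.gethostbyaddr(ip)[0]

def _addrs(name):
    # Forward lookup: name -> all A/AAAA addresses.
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def confirmed_hostname(ip, reverse=_ptr, forward=_addrs):
    """Return the PTR name only if it resolves forward to the same IP, else None."""
    try:
        name = reverse(ip)
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except (OSError, ValueError):
        return None  # no PTR, no forward record, or unparsable address
    return name if ipaddress.ip_address(ip) in addrs else None

def decide(ip, reverse=_ptr, forward=_addrs):
    """Mirror the two rules: '=' (a name is present) allows, everything else is denied."""
    name = confirmed_hostname(ip, reverse, forward)
    return ("allow", name) if name else ("deny", None)

# Constructed sample DNS data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": "client.example.org",      # reverse zone agrees with forward zone
       "198.51.100.7": "trusted.example.com"}   # PTR chosen by whoever runs the reverse zone
FWD = {"client.example.org": ["192.0.2.10"],
       "trusted.example.com": ["192.0.2.200"]}  # the name's real record points elsewhere

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in FWD:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return FWD[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        verdict, name = decide(ip, fake_reverse, fake_forward)
        # Log the IP in every case; print a name only when it was confirmed.
        print(f"{ip} host={name or '-'} -> {verdict}")
```
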