Re: [cobalt-security] ns in.proftpd[17902]: warning: /etc/hosts.deny
- Subject: Re: [cobalt-security] ns in.proftpd[17902]: warning: /etc/hosts.deny
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Wed, 23 Jan 2002 23:28:09 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Date: Thu, 24 Jan 2002 09:44:46 +1300
> From: Render-Vue <sales@xxxxxxxxxxxxxx>
> Jan 23 12:31:00 ns in.proftpd[17902]: warning: /etc/hosts.deny, line 57:
> host name/address mismatch: 151.198.232.26 != mail.forhealers.com
Mismatch between forward and reverse DNS:
151.198.232.26 --> mail.forhealers.com
mail.forhealers.com --> 151.198.232.220
The differing IP addresses make it look like someone is trying to
forge reverse DNS to gain access.
For instance, let's say that you gave elevated privileges to
"mail.forhealers.com". I configure 216.89.137.66 (one of my IP
addresses) to resolve to "mail.forhealers.com", enabling me easy
access.
To thwart this, you verify the FQHN that I claim to be. The
forward lookup gives 151.198.232.220, and catches me in the act.
Somebody has screwed up DNS, that's all.
HTH,
Eddy
---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist@xxxxxxxxx>, or you are likely to be blocked.
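The forward/reverse consistency check described in the message above, as an added example that is not part of the original post and is not the tcp_wrappers code. The function names, the resolver tables, and the ok.example.net / 192.0.2.10 / 198.51.100.7 entries are constructed for illustration; the other addresses are the ones quoted in the message.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; None when the address has no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, ptr_name, forward_addrs); verdict: match, mismatch, no-ptr."""
    client = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return ("no-ptr", None, set())
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    # Trust the PTR name only if its forward lookup includes the client address.
    verdict = "match" if client in addrs else "mismatch"
    return (verdict, name.rstrip(".").lower(), {str(a) for a in addrs})

# Constructed resolver data: the two lookups quoted in the message, the
# hypothetical forged PTR on 216.89.137.66, and one consistent host taken
# from the documentation address range.
PTR = {
    "151.198.232.26": "mail.forhealers.com",
    "216.89.137.66": "mail.forhealers.com",
    "192.0.2.10": "ok.example.net",
}
A = {
    "mail.forhealers.com": {"151.198.232.220"},
    "ok.example.net": {"192.0.2.10"},
}

def demo():
    """Run the check over the constructed tables instead of live DNS."""
    return {ip: check_client(ip, PTR.get, lambda n: A.get(n, set()))
            for ip in list(PTR) + ["198.51.100.7"]}

if __name__ == "__main__":
    for ip, (verdict, name, addrs) in demo().items():
        print(f"{ip:16} {verdict:9} ptr={name} forward={sorted(addrs)}")
```

Calling check_client(ip) with only the address uses the system resolver, so a host-based access rule can be gated on the "match" verdict rather than on the PTR name alone.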