From owner-freebsd-security Thu Nov 18 7:45:31 1999 Delivered-To: freebsd-security@freebsd.org Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108]) by hub.freebsd.org (Postfix) with ESMTP id 083BE15420 for ; Thu, 18 Nov 1999 07:45:24 -0800 (PST) (envelope-from danderse@faith.cs.utah.edu) Received: (from danderse@localhost) by faith.cs.utah.edu (8.9.3/8.9.3) id IAA27842; Thu, 18 Nov 1999 08:45:18 -0700 (MST) From: David G Andersen Message-Id: <199911181545.IAA27842@faith.cs.utah.edu> Subject: Re: localhost.org To: bsd@a.servers.aozilla.com (Mr. K.) Date: Thu, 18 Nov 1999 08:45:18 -0700 (MST) Cc: danderse@cs.utah.edu, freebsd-security@FreeBSD.ORG In-Reply-To: from "Mr. K." at Nov 18, 99 10:41:24 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Look at your /etc/resolv.conf It should say something like: domain inbox.org nameserver foo nameserver bar But in reality, yours probably looks like: search inbox.org search org nameserver foo nameserver bar Remove that "search org" line. (Alternately, you might have a "domain org" which would be even worse. :-) -Dave Lo and behold, Mr. K. once said: > > I thought it's automatically there because inbox.org is my domain name. I > actually can't figure out how to fix this, without setting myself as > authoritative for localhost.org. I'm probably just overlooking something > though. > > On Thu, 18 Nov 1999, David G Andersen wrote: > > > But why in the world do you have .org in your search path? > > > > ... it's like leaving "." in root's executable search path: just don't do > > it. The only things in your nameserver search space should be domains you > > trust, or obviously, people are going to be able to pull things like that. > > > > -Dave > > > > Lo and behold, Mr. K. once said: > > > > > > this is really bad... today when i got to my computer i noticed that > > > mysql was broken. the message was "Can't connect to MySQL server on > > > localhost". so after half an hour of debugging (and rebooting my server > > > :(, bye uptime), I did a telnet localhost 3306 (the mysql port). lo and > > > behold, I notice: > > > > > > # telnet localhost 3306 > > > Trying 208.211.134.100... > > > telnet: Unable to connect to remote host: Connection refused > > > # nslookup localhost > > > Server: inbox.org > > > Address: 0.0.0.0 > > > > > > Non-authoritative answer: > > > Name: localhost.org > > > Address: 208.211.134.100 > > > > > > ouch. time to reset all my passwords, as this bozo could have stolen them > > > all. I don't know why this just started happening, unless the bozo just > > > registered the domain name, which is why I'm sending along this warning to > > > everyone on here. > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > -- > > work: dga@lcs.mit.edu me: dga@pobox.com > > MIT Laboratory for Computer Science http://www.angio.net/ > > > -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message