From owner-freebsd-security Sun Jun 2 14:17:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl6-t65.citlink.net [207.173.251.65]) by hub.freebsd.org (Postfix) with ESMTP id E673C37B407 for ; Sun, 2 Jun 2002 14:17:51 -0700 (PDT) Received: from TAGALONG (unknown [192.168.1.27]) by blacklamb.mykitchentable.net (Postfix) with SMTP id C58CFEE540; Sun, 2 Jun 2002 14:17:49 -0700 (PDT) Message-ID: <000e01c20a7a$edf501a0$1b01a8c0@TAGALONG> From: "Drew Tomlinson" To: , "Hajimu UMEMOTO" Cc: References: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG> <20020602113409.F20911@blossom.cjclark.org> <20020602121922.H20911@blossom.cjclark.org> Subject: Re: Security Messages re: hosts.allow? Date: Sun, 2 Jun 2002 14:17:40 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Crist J. Clark" To: "Hajimu UMEMOTO" Cc: "Drew Tomlinson" ; Sent: Sunday, June 02, 2002 12:19 PM Subject: Re: Security Messages re: hosts.allow? > On Mon, Jun 03, 2002 at 03:50:33AM +0900, Hajimu UMEMOTO wrote: > > Hi, > > > > >>>>> On Sun, 2 Jun 2002 11:34:09 -0700 > > >>>>> "Crist J. Clark" said: > > > > crist.clark> server1.camelweb.com.tw. 23h59m43s IN CNAME dns.camelweb.com.tw. > > crist.clark> server1.camelweb.com.tw. 23h59m43s IN A 210.59.224.44 > > crist.clark> dns.camelweb.com.tw. 22h47m42s IN A 210.59.224.42 > > > > crist.clark> 42.224.59.210.in-addr.arpa. 9h1m47s IN PTR server1.camelweb.com.tw. > > > > crist.clark> But from the looks of it, these DNS entries themselves do not look > > crist.clark> malicious. > > > > No, CNAME RR cannot co-exist with A RR. > > I didn't say it wasn't broken DNS. I was saying that it does not look > like someone is trying to pretend they are someone they are not (which > is the reason tcpwrapper produces that kind of warning). Thanks for your replies. So the bottom line is that someone from this domain attempted to establish a ssh session with my server? This is just a little home server for my amusement and no one other than myself should access it. I guess it might be time to learn about "keys" and restrict access to only myself. Any reading suggestions for an absolute beginner? Thanks again, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message