From owner-freebsd-security Fri Mar 16 4:51:26 2001 Delivered-To: freebsd-security@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13]) by hub.freebsd.org (Postfix) with SMTP id CE84137B718 for ; Fri, 16 Mar 2001 04:51:21 -0800 (PST) (envelope-from roam@orbitel.bg) Received: (qmail 22441 invoked by uid 1000); 16 Mar 2001 12:50:39 -0000 Date: Fri, 16 Mar 2001 14:50:39 +0200 From: Peter Pentchev To: Lukasz Pawlik Cc: freebsd-security@freebsd.org Subject: Re: Invalid hostname Message-ID: <20010316145039.B22302@ringworld.oblivion.bg> Mail-Followup-To: Lukasz Pawlik , freebsd-security@freebsd.org References: <20010316103954.A24855@btk.za.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010316103954.A24855@btk.za.net>; from freebsd@btk.za.net on Fri, Mar 16, 2001 at 10:39:54AM +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Mar 16, 2001 at 10:39:54AM +0000, Lukasz Pawlik wrote: > Hello, > I'd like to ask for a little help. I dont understand one record > which is printed by last. > ash ttyp2 invalid hostname Ndz 11 Mar 19:07 - 20:13 (01:06) > > What the 'invalid hostname' is? If DNS failed, why there is no ip? > Can someone explain me? > Lukasz 'invalid hostname' is what /usr/bin/login puts into the wtmp record, when it (login) is started with an '-h hostname' argument, and then the DNS lookup of the specified hostname fails. Thus, login cannot put an IP address there, 'cause it's just the IP address lookup that failed :) The fun question is how did login get started with an invalid hostname passed; how did the user in question log in to the machine? Apparently it was over the network, was it a telnet, SSH or some other kind of session? G'luck, Peter -- If there were no counterfactuals, this sentence would not have been paradoxical. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message