Date:      Fri, 12 Apr 2002 21:07:10 +1000 (EST)
From:      Andy Farkas <andyf@speednet.com.au>
To:        <peter.lai@uconn.edu>
Cc:        "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>, <security@FreeBSD.ORG>
Subject:   hosts.allow and RFC931 - was: sshd warning---a lil' help?
Message-ID:  <Pine.BSF.4.33.0204122053380.56356-100000@backup.af.speednet.com.au>
In-Reply-To: <20020409185049.A17491@cowbert.2y.net>

On Tue, 9 Apr 2002, Peter C. Lai wrote:

> a is true. the message is coming from hosts.allow, which checks for rdns as
> a (weak) signal of spoofed packets.  You can deny these connections by
> turning on:
>
> ALL : PARANOID : RFC931 20 : deny
> # Provide some protection against clients using a forged source IP address
>

Question: the above rule in the default /etc/hosts.allow file is *above*
the rules regarding sshd - does this mean that sshd is not protected
against forged source IP addresses?

Also, it's been 2 and-a-bit years since this absolutely ridiculous bit of
ascii-art was added to hosts.allow:

#	 _____                                      _          _
#	| ____| __  __   __ _   _ __ ___    _ __   | |   ___  | |
#	|  _|   \ \/ /  / _` | | '_ ` _ \  | '_ \  | |  / _ \ | |
#	| |___   > < | (_| | | | | | | | | |_) | | | |  __/ |_|
#	|_____| /_/\_\  \__,_| |_| |_| |_| | .__/  |_|  \___| (_)
#					   |_|

....could we *please* remove it?  If it really is an example file, then it
should be moved to /usr/share/examples or renamed to hosts.allow.sample...

>
> b would have sshd report "password" or keypair "accepted for username".
>
> c would have shown that user being rejected
>
> consequently, we don't know from what you've given us to know
> if someone logged in successfully to sshd running with pid 34375
> at that time :)
>
> On Tue, Apr 09, 2002 at 08:03:02AM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
> > Apr  9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23:
> > can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed
> >
> > This computer ---
> >
> >      a - has incorrect or NO reverse DNS ?
> >      b - tried to authenticate via ssh login and succeeded?
> >      c - tried to authenticate via ssh login and failed?
> >      d - other
> >
> >
> > TIA, Kevin Kinsey
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> Peter C. Lai
> University of Connecticut
> Dept. of Residential Life | Programmer
> Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
> http://cowbert.2y.net/
> 860.427.4542 (Room)
> 860.486.1899 (Lab)
> 203.206.3784 (Cellphone)
>
>

--

 :{ andyf@speednet.com.au

        Andy Farkas
    System Administrator
   Speednet Communications
 http://www.speednet.com.au/
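To make the rule-order question above concrete, here is an added example (not code from the thread, from FreeBSD or from libwrap) that emulates a simplified subset of tcp_wrappers' hosts.allow evaluation: first matching rule wins, a daemon list of `ALL` covers sshd like any other daemon, and the `PARANOID` client token matches a client whose reverse name could not be verified. The file contents, daemon names and addresses are constructed; hosts.deny, `EXCEPT` lists, netmasks, the `RFC931` lookup and libwrap's exact hostname handling are not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed hosts.allow: the PARANOID rule sits above the sshd rules, as in the thread.
HOSTS_ALLOW = """\
# Provide some protection against clients using a forged source IP address
ALL : PARANOID : RFC931 20 : deny
sshd : .trusted.example : allow
sshd : ALL : deny
ALL : ALL : allow
"""

@dataclass
class Client:
    daemon: str
    address: str
    hostname: Optional[str]  # verified reverse name; None when it could not be verified

    @property
    def paranoid(self) -> bool:
        # Stands in for libwrap flagging a host whose name/address check failed.
        return self.hostname is None

def parse_rules(text: str) -> List[tuple]:
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        rules.append((lineno, fields[0].split(), fields[1].split(),
                      [o.lower() for o in fields[2:]]))  # (file line, daemons, clients, options)
    return rules

def client_token_matches(token: str, c: Client) -> bool:
    if token == "ALL":
        return True
    if token == "PARANOID":
        return c.paranoid
    if token.startswith("."):  # domain suffix such as .trusted.example
        return c.hostname is not None and c.hostname.lower().endswith(token.lower())
    return token == c.address or (c.hostname is not None and token.lower() == c.hostname.lower())

def evaluate(rules: List[tuple], c: Client) -> Tuple[str, Optional[int]]:
    """First matching rule wins; returns (verdict, file line), or ('allow', None) when nothing matches."""
    for lineno, daemons, clients, options in rules:
        if any(d in ("ALL", c.daemon) for d in daemons) and \
           any(client_token_matches(t, c) for t in clients):
            return ("deny" if "deny" in options else "allow"), lineno
    return "allow", None  # libwrap grants access when no rule in either file matches
```

With this file, an sshd client whose hostname cannot be verified is denied by the `ALL : PARANOID` rule on line 2 before the sshd rules are ever consulted, because the first match ends evaluation.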