From owner-freebsd-security  Thu Nov 18  7:32: 5 1999
Delivered-To: freebsd-security@freebsd.org
Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108])
	by hub.freebsd.org (Postfix) with ESMTP id 10C1E15347
	for <freebsd-security@FreeBSD.ORG>; Thu, 18 Nov 1999 07:31:48 -0800 (PST)
	(envelope-from danderse@faith.cs.utah.edu)
Received: (from danderse@localhost)
	by faith.cs.utah.edu (8.9.3/8.9.3) id IAA27035;
	Thu, 18 Nov 1999 08:31:37 -0700 (MST)
From: David G Andersen <danderse@cs.utah.edu>
Message-Id: <199911181531.IAA27035@faith.cs.utah.edu>
Subject: Re: localhost.org
To: bsd@a.servers.aozilla.com (Mr. K.)
Date: Thu, 18 Nov 1999 08:31:36 -0700 (MST)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.96.991118101159.958A-100000@inbox.org> from "Mr. K." at Nov 18, 99 10:13:58 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

But why in the world do you have .org in your search path?

... it's like leaving "." in root's executable search path:  just don't do
it.  The only things in your nameserver search space should be domains you
trust, or obviously, people are going to be able to pull things like that.

   -Dave

Lo and behold, Mr. K. once said:
> 
> this is really bad...  today when i got to my computer i noticed that
> mysql was broken.  the message was "Can't connect to MySQL server on
> localhost".  so after half an hour of debugging (and rebooting my server
> :(, bye uptime), I did a telnet localhost 3306 (the mysql port).  lo and
> behold, I notice:
> 
> # telnet localhost 3306
> Trying 208.211.134.100...
> telnet: Unable to connect to remote host: Connection refused
> # nslookup localhost
> Server:  inbox.org
> Address:  0.0.0.0
> 
> Non-authoritative answer:
> Name:    localhost.org
> Address:  208.211.134.100
> 
> ouch.  time to reset all my passwords, as this bozo could have stolen them
> all.  I don't know why this just started happening, unless the bozo just
> registered the domain name, which is why I'm sending along this warning to
> everyone on here.
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message