Date: Fri, 12 Apr 2002 21:07:10 +1000 (EST) From: Andy Farkas <andyf@speednet.com.au> To: <peter.lai@uconn.edu> Cc: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>, <security@FreeBSD.ORG> Subject: hosts.allow and RFC931 - was: sshd warning---a lil' help? Message-ID: <Pine.BSF.4.33.0204122053380.56356-100000@backup.af.speednet.com.au> In-Reply-To: <20020409185049.A17491@cowbert.2y.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 9 Apr 2002, Peter C. Lai wrote: > a is true. the message is coming from hosts.allow, which checks for rdns as > a (weak) signal of spoofed packets. You can deny these connections by > by turning on: > > ALL : PARANOID : RFC931 20 : deny > # Provide some protection against clients using a forged source IP address > Question: the above rule in the default /etc/hosts.allow file is *above* the rules regarding sshd - does this mean that sshd is not protected against forged source IP adresses? Also, its been 2 and-a-bit years since this absolutely ridiculous bit of ascii-art was added to hosts.allow: # _____ _ _ # | ____| __ __ __ _ _ __ ___ _ __ | | ___ | | # | _| \ \/ / / _` | | '_ ` _ \ | '_ \ | | / _ \ | | # | |___ > < | (_| | | | | | | | | |_) | | | | __/ |_| # |_____| /_/\_\ \__,_| |_| |_| |_| | .__/ |_| \___| (_) # |_| ....could we *please* remove it? If it really is an example file, then it should be moved to /usr/share/examples or renamed to hosts.allow.sample... > > b would have sshd report "password" or keypair "accepted for username". > > c would have shown that user being rejected > > consequently, we don't know from what you've given us to know > if someone logged in successfully to sshd runing with pid 34375 > at that time :) > > On Tue, Apr 09, 2002 at 08:03:02AM -0500, Kevin Kinsey, DaleCo, S.P. wrote: > > Apr 9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23: > > can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed > > > > This computer --- > > > > a - has incorrect or NO reverse DNS ? > > b - tried to authenticate via ssh login and succeeded? > > c - tried to authenticate via ssh login and failed? > > d - other > > > > > > TIA, Kevin Kinsey > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > -- > Peter C. Lai > University of Connecticut > Dept. of Residential Life | Programmer > Dept. of Molecular and Cell Biology | Undergraduate Research Assistant > http://cowbert.2y.net/ > 860.427.4542 (Room) > 860.486.1899 (Lab) > 203.206.3784 (Cellphone) > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0204122053380.56356-100000>