Date: Fri, 1 Jun 2001 20:43:09 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Brian Behlendorf <brian@collab.net>
Cc: Dag-Erling Smorgrav <des@ofug.org>, freebsd-security@FreeBSD.ORG
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601204309.K10477@mail.webmonster.de>
In-Reply-To: <Pine.BSF.4.31.0106010855400.679-100000@localhost>; from brian@collab.net on Fri, Jun 01, 2001 at 08:56:44AM -0700
References: <xzpvgmguvn6.fsf@flood.ping.uio.no> <Pine.BSF.4.31.0106010855400.679-100000@localhost>

Brian Behlendorf(brian@collab.net)@2001.06.01 08:56:44 +0000:
> On 1 Jun 2001, Dag-Erling Smorgrav wrote:
> > Brian Behlendorf <brian@collab.net> writes:
> > > The shell machine at SF didn't have reverse DNS (or at least it wasn't
> > > recorded in the wtmp), so you might want to look for 216.136.171.252 (the
> > > machine our friend came in from) or maybe even 216.136/24.
> >
> > I hope you meant 216.136.171/24, and not 216.136/16:
>
> Er, yeah; preferably someone could get a list of IP addresses SF.net has
> ever had public shell machines on.

as a direct consequence of the incident it would be a prudent choice of
the sourceforge folks to have already done it. that said (i do not know
anyone at their site personally) could somebody with good connections
to them propagate this list to -security, please?

>
> > Oh, and .252 does have reverse DNS:
> >
> > des@des ~% host 216.136.171.252
> > 252.171.136.216.IN-ADDR.ARPA domain name pointer usw-sf-fw2.sourceforge.net
>
> OK, but it wasn't recorded in my wtmp, so I suspect it might not get
> recorded in others'.

reverse dns is not a security measure. it is the opposite ;-)
dns can be easily manipulated in a thousand ways. one should never rely on
reverse dns or dns in general.

/k

-- 
> The more we disagree, the more chance there is that at least one of us
> is right.
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
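
The wtmp check discussed in this thread, as an added example that is not part of the original e-mail: it scans `last`-style output for logins from 216.136.171.0/24 by address, and reports host fields that carry only a name as unverified leads, since those come from DNS. The sample lines, user names, the 12-character minimum and the truncated-name handling are constructed assumptions.

```python
import ipaddress

SUSPECT_NET = ipaddress.ip_network("216.136.171.0/24")  # range corrected in the thread
KNOWN_PTR = "usw-sf-fw2.sourceforge.net"                # PTR shown for .252 in the thread
PTR_SUFFIX = ".sourceforge.net"                         # taken from that PTR name

# Constructed sample of `last`-style output: user, tty, remote host, time.
SAMPLE_LAST = """\
alice    ttyp0    216.136.171.252    Thu May 17 03:12 - 03:40  (00:28)
bob      ttyp1    usw-sf-fw2.sourcef Fri May 18 11:02 - 11:09  (00:07)
carol    ttyp2    192.0.2.10         Fri May 18 12:00 - 12:30  (00:30)
dave     ttyp3    216.136.17.1       Sat May 19 09:00 - 09:05  (00:05)
erin     ttyp4    shell.example.org  Sat May 19 10:00 - 10:05  (00:05)
"""

def classify(host):
    """Return 'address', 'name-only' or None for one wtmp host field."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # Exact CIDR membership: 216.136.17.1 is in 216.136/16 but not in the /24.
        return "address" if addr in SUSPECT_NET else None
    name = host.lower().rstrip(".")
    # A recorded name is whatever reverse DNS returned at login time, so it is
    # only a lead. Host fields are fixed width, so also accept a truncated name.
    if name.endswith(PTR_SUFFIX) or (len(name) >= 12 and KNOWN_PTR.startswith(name)):
        return "name-only"
    return None

def scan(last_output):
    """Return (user, host, verdict) for every login line worth a closer look."""
    hits = []
    for line in last_output.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        user, _tty, host = fields[:3]
        verdict = classify(host)
        if verdict:
            hits.append((user, host, verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LAST):
        print(hit)
```
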