From owner-freebsd-security  Sun Jun  2 14:17:57 2002
Delivered-To: freebsd-security@freebsd.org
Received: from blacklamb.mykitchentable.net (ekgr-dsl6-t65.citlink.net [207.173.251.65])
	by hub.freebsd.org (Postfix) with ESMTP id E673C37B407
	for <security@FreeBSD.ORG>; Sun,  2 Jun 2002 14:17:51 -0700 (PDT)
Received: from TAGALONG (unknown [192.168.1.27])
	by blacklamb.mykitchentable.net (Postfix) with SMTP
	id C58CFEE540; Sun,  2 Jun 2002 14:17:49 -0700 (PDT)
Message-ID: <000e01c20a7a$edf501a0$1b01a8c0@TAGALONG>
From: "Drew Tomlinson" <drew@mykitchentable.net>
To: <cjclark@alum.mit.edu>, "Hajimu UMEMOTO" <ume@mahoroba.org>
Cc: <security@FreeBSD.ORG>
References: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG> <20020602113409.F20911@blossom.cjclark.org> <ygelm9xikg6.wl@piano.mahoroba.org> <20020602121922.H20911@blossom.cjclark.org>
Subject: Re: Security Messages re: hosts.allow?
Date: Sun, 2 Jun 2002 14:17:40 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

----- Original Message -----
From: "Crist J. Clark" <crist.clark@attbi.com>
To: "Hajimu UMEMOTO" <ume@mahoroba.org>
Cc: "Drew Tomlinson" <drew@mykitchentable.net>; <security@FreeBSD.ORG>
Sent: Sunday, June 02, 2002 12:19 PM
Subject: Re: Security Messages re: hosts.allow?


> On Mon, Jun 03, 2002 at 03:50:33AM +0900, Hajimu UMEMOTO wrote:
> > Hi,
> >
> > >>>>> On Sun, 2 Jun 2002 11:34:09 -0700
> > >>>>> "Crist J. Clark" <crist.clark@attbi.com> said:
> >
> > crist.clark>   server1.camelweb.com.tw.  23h59m43s IN CNAME
dns.camelweb.com.tw.
> > crist.clark>   server1.camelweb.com.tw.  23h59m43s IN A
210.59.224.44
> > crist.clark>   dns.camelweb.com.tw.    22h47m42s IN A
210.59.224.42
> >
> > crist.clark>   42.224.59.210.in-addr.arpa.  9h1m47s IN PTR
server1.camelweb.com.tw.
> >
> > crist.clark> But from the looks of it, these DNS entries
themselves do not look
> > crist.clark> malicious.
> >
> > No, CNAME RR cannot co-exist with A RR.
>
> I didn't say it wasn't broken DNS. I was saying that it does not
look
> like someone is trying to pretend they are someone they are not
(which
> is the reason tcpwrapper produces that kind of warning).

Thanks for your replies.  So the bottom line is that someone from this
domain attempted to establish a ssh session with my server?  This is
just a little home server for my amusement and no one other than
myself should access it.  I guess it might be time to learn about
"keys" and restrict access to only myself.  Any reading suggestions
for an absolute beginner?

Thanks again,

Drew


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message