[1620] in Release_Engineering
Re: [long-morrow@yale.arpa: rlogind/rshd broken by nameserver spoofing in in-addr.arpa domains &fix]
probe@ATHENA.MIT.EDU (probe@ATHENA.MIT.EDU)
Mon Sep 11 07:27:16 1989
From looking at the patches, it does not appear that there is no
functional change in the way it uses hostnames. All it is doing
is:

    After getting the name from the address, it gets stats
    on the name to get the address(es). (two-way resolve)

There is still a problem... if you control your domain, you can
always set up a reverse-resolve, but this would also hurt the
other host. A simpler way of accomplishing this spoofing is to
simply beat the nameserver to the reply and spoof a reply. The
fix presented here does not stop this mode of attack.

It would only be a problem if it was getting the address from the
name of the machine and then trying to resolve back to the name.

Actually, it can also be a problem if a machine is using a port
on the internet that is only resolved one-way, but in this case,
I would say that the nameserver for that domain is inconsistent.

-Richard
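
The two-way resolve described in the message above, sketched as an added example; it is not code from the patch under discussion or from the poster. The callback interface, the enum names and the zone data are assumptions constructed for illustration, and the check does nothing about a forged reply that beats the nameserver, which the message points out.

```c
#include <string.h>
#include <strings.h>
/* Hypothetical resolver callbacks: address -> name, and name -> addresses. */
typedef const char *(*rev_fn)(const char *addr);
typedef size_t (*fwd_fn)(const char *name, const char **out, size_t max);
enum fc_result { FC_OK, FC_NO_PTR, FC_NO_FORWARD, FC_MISMATCH };

/* Two-way resolve: accept the reverse-lookup name only if its forward records
 * contain the peer address. Addresses are compared as canonical text. */
enum fc_result two_way_resolve(const char *peer, rev_fn rev, fwd_fn fwd,
                               const char **name_out)
{
    const char *addrs[8], *name = rev(peer);
    size_t i, n;
    *name_out = NULL;
    if (name == NULL) return FC_NO_PTR;
    n = fwd(name, addrs, 8);
    if (n == 0) return FC_NO_FORWARD;   /* one-way only: inconsistent zone */
    for (i = 0; i < n; i++)
        if (strcmp(addrs[i], peer) == 0) { *name_out = name; return FC_OK; }
    return FC_MISMATCH;                 /* name claimed, not confirmed */
}

/* Constructed zone data: 203.0.113.9's reverse zone claims a name whose
 * forward records, held by the name's real domain, do not list it. */
static const char *PTRS[][2] = {
    {"192.0.2.7",    "trusted.example.edu"},
    {"203.0.113.9",  "trusted.example.edu"},
    {"198.51.100.4", "oneway.example.org"},
};
static const char *FWDS[][2] = {
    {"trusted.example.edu", "192.0.2.7"},
    {"trusted.example.edu", "192.0.2.8"},
};
const char *demo_rev(const char *addr)
{
    size_t i;
    for (i = 0; i < sizeof PTRS / sizeof PTRS[0]; i++)
        if (strcmp(PTRS[i][0], addr) == 0) return PTRS[i][1];
    return NULL;
}

size_t demo_fwd(const char *name, const char **out, size_t max)
{
    size_t i, n = 0;
    for (i = 0; i < sizeof FWDS / sizeof FWDS[0] && n < max; i++)
        if (strcasecmp(FWDS[i][0], name) == 0) out[n++] = FWDS[i][1];
    return n;
}
```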