[22573] in bugtraq
Re: ProFTPd and reverse DNS
daemon@ATHENA.MIT.EDU (The Flying Hamster)
Sat Sep 8 15:23:31 2001
Date: Sat, 8 Sep 2001 09:21:37 +0100
From: The Flying Hamster <hamster@vom.tm>
To: bugtraq@securityfocus.com
Message-ID: <20010908092137.B23652@vom.tm>
In-Reply-To: <20010907153827.P20505@techmonkeys.org>

On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S . Hallacy wrote:
> Howdy,
>
> Recently while browsing through security logs I noticed that quite a few of the hosts
> connecting to the machine did not resolve. I've checked into it, and apparently ProFTPd does
> not check forward to reverse DNS mappings, and only resolves the IP address connecting. This
> could easily lead to an attacker hiding his real hostname from logfiles, or an attacker
> slipping through ACLs by modifying their hostname. For the time being I recommend that the
> option 'UseReverseDNS' be disabled in the configuration file until this is fixed.

I note that other people are recommending mod_wrap and inetd mode; I
would also caution against relying on rDNS anyway.

> Unfortunately I was not able to contact anyone to discuss this, as www.proftpd.org has been
> down for the past 4-5 days that I've tried it, the version tested
> was 1.2.2rc2.

It has? News to me.

For the record there are a significant number of mirror sites which
conform to the www.<isocode>.proftpd.org naming scheme (we cover about
26 countries now).

Bugs should be reported via http://bugs.proftpd.org/
Security issues: security@proftpd.org
Core team: core@proftpd.org (please only use this for issues which
aren't appropriate to the mailing lists, security alias or the bug
system).

If you can raise a bug on this issue via the bugzilla interface I
would appreciate it.

Mark

--
The Flying Hamster <hamster@suespammers.org> http://hamster.wibble.org/
I'm not a complete idiot, some parts are missing!
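
Added example, not part of the original message and not ProFTPd code: a forward-confirmed reverse DNS check of the kind the thread says is missing, which accepts a PTR name only when a forward lookup of that name returns the connecting address. The function names and the sample records are assumptions made for illustration; the lookups are injectable so the check can be exercised offline.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None


def system_forward(name):
    """Forward (A/AAAA) lookup via the system resolver; set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def confirmed_hostname(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (label, confirmed) for a connecting peer address.

    The PTR name is accepted only if a forward lookup of that name yields the
    peer address again. Otherwise the address literal is returned, so an
    unverified name never reaches a log line or a hostname-based ACL.
    """
    peer = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return str(peer), False
    name = name.rstrip(".").lower()
    for addr in forward_lookup(name):
        try:
            if ipaddress.ip_address(addr.split("%")[0]) == peer:
                return name, True
        except ValueError:
            continue  # resolver returned something that is not an address
    return str(peer), False


# Constructed sample data: documentation address ranges and made-up names.
SAMPLE_PTR = {"192.0.2.10": "client.example.net.",
              "203.0.113.7": "trusted.example.org."}  # PTR set by the address owner
SAMPLE_FWD = {"client.example.net": {"192.0.2.10"},
              "trusted.example.org": {"192.0.2.99"}}  # real zone points elsewhere

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.5"):
        print(ip, confirmed_hostname(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, set())))
```

The second sample address shows the mismatch case from the thread: its PTR record claims a name whose forward zone does not list that address, so the address literal is what gets logged and matched.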