[22577] in bugtraq


Re: ProFTPd and reverse DNS

daemon@ATHENA.MIT.EDU (Krzysztof Halasa)
Sat Sep 8 22:09:49 2001

To: bugtraq@securityfocus.com
From: Krzysztof Halasa <khc@intrepid.pm.waw.pl>
Date: 08 Sep 2001 11:36:14 +0200
In-Reply-To: "Michael S. Fischer"'s message of "Fri, 7 Sep 2001 17:16:14 -0700"
Message-ID: <m3heueqb1t.fsf@intrepid.pm.waw.pl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

"Michael S. Fischer" <michael@dynamine.net> writes:

> Another potentially useful workaround is to configure ProFTPd to run out
> of inetd, using TCP Wrappers to enforce paranoid DNS checks.  This way
> you can have your cake and eat it too.

One can probably bypass ftpd ACLs in such a configuration - it should be
possible to provide a valid DNS/rDNS mapping when the TCP wrapper is asking
(using a short TTL) and then give ftpd some other host name.

It might be fine if you just don't want visits from unregistered hosts.
-- 
Krzysztof Halasa
Network Administrator
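
Added example, not part of the original message: a constructed simulation of the gap described above, where the wrapper's paranoid check and the daemon's ACL each do their own reverse lookup, set beside two ways to close it (reuse the verified name, or key the ACL on the address). The resolver class, host names, addresses and ACL suffix are all hypothetical.

```python
import ipaddress

CLIENT_IP = "203.0.113.7"              # constructed (documentation range)
ALLOWED_SUFFIX = ".internal.example"   # hypothetical name-based ftpd ACL

class FakeResolver:
    """Constructed stand-in for DNS: the owner of the reverse zone changes
    the PTR answer between queries (short TTL, so nothing is cached)."""
    def __init__(self):
        self.ptr_answers = ["host.client.example", "trusted.internal.example"]
        self.a_records = {"host.client.example": {CLIENT_IP},
                          "trusted.internal.example": {"192.0.2.10"}}
        self.queries = 0

    def reverse(self, ip):
        answer = self.ptr_answers[min(self.queries, len(self.ptr_answers) - 1)]
        self.queries += 1
        return answer

    def forward(self, name):
        return self.a_records.get(name, set())

def paranoid_check(resolver, ip):
    """Wrapper-style check: the PTR name must resolve back to the client IP."""
    name = resolver.reverse(ip)
    return name if ip in resolver.forward(name) else None

def split_lookup(resolver, ip):
    """Wrapper and daemon each resolve the peer on their own."""
    if paranoid_check(resolver, ip) is None:
        return "rejected by wrapper"
    daemon_name = resolver.reverse(ip)   # second lookup, never verified
    return "allowed" if daemon_name.endswith(ALLOWED_SUFFIX) else "denied by ACL"

def single_lookup(resolver, ip):
    """The ACL sees only the name that passed the forward/reverse check."""
    name = paranoid_check(resolver, ip)
    if name is None:
        return "rejected"
    return "allowed" if name.endswith(ALLOWED_SUFFIX) else "denied by ACL"

def ip_acl(ip, allowed_net="192.0.2.0/24"):
    """Address-based ACL: no DNS answer takes part in the decision."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(allowed_net)

if __name__ == "__main__":
    print("split lookups :", split_lookup(FakeResolver(), CLIENT_IP))
    print("single lookup :", single_lookup(FakeResolver(), CLIENT_IP))
    print("IP-based ACL  :", ip_acl(CLIENT_IP))
```

The split path grants access because the name the ACL matches is not the name that was verified; the other two paths base the decision on data the remote zone owner cannot change after the check.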
