[8491] in bugtraq
Re: tcpd -DPARANOID doesn't work, and never did
daemon@ATHENA.MIT.EDU (Chip Christian)
Tue Nov 10 16:58:38 1998
Date: Tue, 10 Nov 1998 10:19:39 -0500
Reply-To: Chip Christian <chip@PRINCETONTELE.COM>
From: Chip Christian <chip@PRINCETONTELE.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Message from Wietse Venema <wietse@PORCUPINE.ORG> of "Mon, 09 Nov 1998 19:57:58 EST." <19981110005759.11BC845B53@spike.porcupine.org>

wietse@PORCUPINE.ORG said:
> (4) some other application, not tcpd, does address->name lookup
> and uses the result for "authentication" purposes.
A number of years back smb pointed out the folly of r_cmds.c using #4
alone for authentication, so having the source for SunOS we were able to
patch in #1-2 long before Sun got around to it. I hope that nobody ships
code like that anymore. This had nothing to do with TTL, of course. And
rshd that uses 1+2 should also not be vulnerable to a TTL attack. Cache
poisoning was also pointed out and fixed probably as many years ago, also
thanks to smb if I recall correctly.
> (1) tcpd does address->name lookup, to find out the client
> hostname.
> (2) tcpd does name->address lookup, to find out the client
> address list.
> (3) if there is a discrepancy, tcpd drops the connection.
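
Steps (1)-(3) quoted above, next to the case (4) failure they prevent, as an added example that is not part of the original message and is not tcpd's or rshd's code. The function names, verdict strings and the constructed lookup tables are assumptions made for illustration; the resolvers are injectable so the check runs offline.

```python
import ipaddress
import socket

def system_reverse(ip):
    """Step (1): address->name (PTR) via the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """Step (2): name->address list via the system resolver."""
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

def paranoid_check(client_ip, reverse=system_reverse, forward=system_forward):
    """Return (hostname, verdict); the hostname is usable only when verdict is 'ok'."""
    addr = ipaddress.ip_address(client_ip)
    try:
        name = reverse(client_ip)
    except OSError:                      # herror/gaierror are OSError subclasses
        return None, "no-ptr"
    try:
        listed = {ipaddress.ip_address(a) for a in forward(name)}
    except OSError:
        return None, "no-forward"
    # Step (3): the PTR name counts only if its own zone lists the client address.
    if addr not in listed:
        return None, "mismatch"
    return name, "ok"

# Constructed sample data (documentation address ranges), standing in for DNS.
PTR = {"192.0.2.10": "trusted.example.com",
       "198.51.100.7": "trusted.example.com",   # PTR claims a name it does not own
       "203.0.113.5": "ghost.example.org"}      # PTR name with no address record
A = {"trusted.example.com": ["192.0.2.10", "192.0.2.11"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, paranoid_check(ip, fake_reverse, fake_forward))
```

An application that stops after step (1), as in case (4), would accept "trusted.example.com" for 198.51.100.7; the forward lookup is what turns that into a mismatch.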