[41] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Internet Worm

daemon@ATHENA.MIT.EDU (jim@Tadpole.COM)
Tue Oct 18 20:39:15 1994

From: jim@Tadpole.COM
Date: Tue, 18 Oct 1994 16:57:11 -0500
To: ccsis@bath.ac.uk
Cc: bugtraq@fc.net

> I think you will find that Sun put a double lookup into
> gethostbyaddr(), to prevent spoofing. This of course goes against
> the Unix spirit of 'do one thing only, but do it well'. This double
> lookup can be enabled with the resolv+ library by using the
> 'nospoof' command in its configuration file.

I think that you will find that you are wrong, and the reverse lookup
actually happens in ypserv, specificly in the part that looks up
addresses via the DNS, not the routine in libc.  If you still think
I'm wrong, I invite you to disassemble gethostent.o from libc.a and
take a look for anything that might be code that does a reverse lookup.

The comments about 'nospoof' and resolv+ are accurate.

Jim

home help back first fref pref prev next nref lref last post