[41] in bugtraq
Re: Internet Worm
daemon@ATHENA.MIT.EDU (jim@Tadpole.COM)
Tue Oct 18 20:39:15 1994
From: jim@Tadpole.COM
Date: Tue, 18 Oct 1994 16:57:11 -0500
To: ccsis@bath.ac.uk
Cc: bugtraq@fc.net
> I think you will find that Sun put a double lookup into
> gethostbyaddr(), to prevent spoofing. This of course goes against
> the Unix spirit of 'do one thing only, but do it well'. This double
> lookup can be enabled with the resolv+ library by using the
> 'nospoof' command in its configuration file.
I think that you will find that you are wrong, and the reverse lookup
actually happens in ypserv, specifically in the part that looks up
addresses via the DNS, not the routine in libc. If you still think
I'm wrong, I invite you to disassemble gethostent.o from libc.a and
take a look for anything that might be code that does a reverse lookup.
The comments about 'nospoof' and resolv+ are accurate.
Jim
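
The double lookup this thread is about, sketched as an added example; it is not part of the original message and is not Sun's ypserv or resolv+ code. The function name `double_lookup`, the in-memory tables standing in for DNS answers, and all host names and addresses are constructed assumptions.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <strings.h>

/* Constructed sample zone data (hypothetical names, documentation address ranges). */
struct rec { const char *name; const char *addr; };

static const struct rec PTR[] = {               /* reverse zone: address -> name */
    { "trusted.example.com", "192.0.2.10"   },  /* honest PTR record */
    { "trusted.example.com", "203.0.113.66" },  /* PTR set by whoever runs that reverse zone */
};
static const struct rec A[] = {                 /* forward zone: name -> addresses */
    { "trusted.example.com", "192.0.2.10" },
    { "trusted.example.com", "192.0.2.11" },
};
#define COUNT(t) (sizeof(t) / sizeof((t)[0]))

enum verdict { VERIFIED, NO_PTR, MISMATCH };

/* Compare two dotted-quad strings by value, not by spelling. */
static int same_addr(const char *a, const char *b)
{
    struct in_addr x, y;
    return inet_pton(AF_INET, a, &x) == 1 && inet_pton(AF_INET, b, &y) == 1
        && x.s_addr == y.s_addr;
}

/* Double lookup: take the PTR name, then require that one of that name's
 * A records is the address we started from. name_out may be NULL. */
enum verdict double_lookup(const char *addr, const char **name_out)
{
    const char *claimed = NULL;
    size_t i;

    if (name_out) *name_out = NULL;
    for (i = 0; i < COUNT(PTR) && claimed == NULL; i++)
        if (same_addr(PTR[i].addr, addr))
            claimed = PTR[i].name;
    if (claimed == NULL)
        return NO_PTR;
    for (i = 0; i < COUNT(A); i++)
        if (strcasecmp(A[i].name, claimed) == 0 && same_addr(A[i].addr, addr)) {
            if (name_out) *name_out = claimed;  /* forward data confirms reverse data */
            return VERIFIED;
        }
    return MISMATCH;  /* the name is asserted only by the reverse zone */
}
```

A caller that makes trust decisions on host names would accept the name only on `VERIFIED` and fall back to the bare address otherwise.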