From: The Flying Hamster (hamstervom.tm)
Date: Sat Sep 08 2001 - 03:21:37 CDT


    On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S. Hallacy wrote:
    > Howdy,
    >
    > Recently while browsing through security logs I noticed that quite a few of the hosts
    > connecting to the machine did not resolve, I've checked into it, and apparently ProFTPd does
    > not check forward to reverse DNS mappings, and only resolves the IP address connecting. This
    > could easily lead to an attacker hiding his real hostname from logfiles, or an attacker
    > slipping through ACLs by modifying their hostname. For the time being I recommend that the
    > option 'UseReverseDNS' be disabled in the configuration file until this is fixed.

    I note that other people are recommending mod_wrap and inetd mode, I
    would also caution against relying on rDNS anyway.
     
    > Unfortunately I was not able to contact anyone to discuss this, as www.proftpd.org has been
    > down for the past 4-5 days that I've tried it, the version tested
    > was 1.2.2rc2.

    It has? News to me.

    For the record there are a significant number of mirror sites which
    conform to the www.<isocode>.proftpd.org naming scheme (we cover about
    26 countries now). Bugs should be reported via
    http://bugs.proftpd.org/

    Security issues: securityproftpd.org
    Core team: coreproftpd.org (please only use this for issues which
    aren't appropriate to the mailing lists, security alias or the bug
    system).

    If you can raise a bug on this issue via the bugzilla interface I
    would appreciate it.

       Mark

    -- 
    The Flying Hamster <hamstersuespammers.org>         http://hamster.wibble.org/
    I'm not a complete idiot, some parts are missing!
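
The forward-to-reverse DNS check that the quoted report says is missing, as an added Python example (not ProFTPD code and not part of the original message). The function names and the sample DNS tables are constructed for illustration; the lookups are injectable so the check can be exercised offline.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if nothing resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None


def system_forward(name):
    """Forward (A/AAAA) lookup; returns a list of address strings."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except (OSError, UnicodeError):
        return []


def confirmed_hostname(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR name for ip only if that name resolves back to ip."""
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return None
    name = name.rstrip(".").lower()
    for addr in forward_lookup(name):
        try:
            if ipaddress.ip_address(addr) == client:
                return name
        except ValueError:
            continue  # skip anything that is not a plain IP literal
    return None


def name_for_log(ip, **lookups):
    """Name to log or match ACLs against: confirmed hostname, else the IP."""
    return confirmed_hostname(ip, **lookups) or ip


# Constructed sample data (documentation address ranges), so this runs offline.
PTR = {"198.51.100.7": "client.example.net.",
       "203.0.113.5": "trusted.example.com."}   # PTR set by the IP's owner
FWD = {"client.example.net": ["198.51.100.7"],
       "trusted.example.com": ["192.0.2.10"]}   # set by the name's real owner

if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, "->", name_for_log(ip, ptr_lookup=PTR.get,
                                     forward_lookup=lambda n: FWD.get(n, [])))
```

In the constructed data, 203.0.113.5 has a PTR record claiming trusted.example.com, but that name's forward lookup does not return the connecting address, so the IP is logged instead of the unverified hostname.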