[plug] dns reverse lookup
Peter Sutter
sutterp at sopac.com.au
Fri Sep 21 20:12:48 WST 2007
On Friday 21 September 2007 10:48, Peter Wright wrote:
> On 21/09 10:18:05, Mike Holland wrote:
> > Adrian Woodley wrote:
> >> How sure are you that a reverse lookup is required, particularly
> >> for ssh? I haven't ever come across it.
> >
> > Nor I. rsync and ftp can work fine without reverse-DNS too. It's quite
> > common on LANs.
> > Any idea what is actually blocking them on your system Peter?
>
> I'm not the original Peter :), but to the original Peter -
>
> Have you tried checking /etc/hosts.deny ?
>
> If you've got the "ALL: PARANOID" setting enabled, I *think* that may
> lead to a problem much like the one described.
>
> Worth a look in any case.
>
> Pete.

It's not a problem but a conscious choice. Yes, I have 'all paranoid' set after
iinet refused to take action against a well-known hacker who tried to
penetrate systems which I administer. This matter is now with the FEDs.
Because my customers had dynamic IP addresses, I had little choice but to
enable the whole iinet subnet they were coming from, especially because their
connections were unstable and the IP addresses changed several times a day.

I still believe that reverse lookup is a basic form of authentication which
most spammers and phishers fail to overcome. Most of the ssh dictionary
attacks also come from sources which have no reverse lookup, so I feel a bit
more secure.

The problem has solved itself in two ways: firstly, iinet corrected the issue
by adding the reverse lookup, and secondly, my customers have now moved to amnet,
where they get a fixed IP address for less money than they were paying with
iinet. I can now most likely drop the paranoid setting and will be content
knowing the IP addresses they are coming from and adding them
to /etc/hosts.allow.

Thanks
The 'original' Peter
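
Added example, not part of the original post and not tcp_wrappers' own code: a Python sketch of the forward-confirmed reverse DNS check behind the wildcards in hosts_access(5), where PARANOID matches a host whose name does not match its address and UNKNOWN matches a host whose name is unknown. The function names, the sample addresses (documentation ranges) and the example.net names are constructed for illustration.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR name for ip, or None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(name):
    """All addresses the name resolves to (empty set on failure)."""
    try:
        # Strip any IPv6 scope id ("%eth0") so addresses compare cleanly.
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def classify(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (verdict, name); verdict is 'unknown', 'paranoid' or 'known'."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return "unknown", None        # no PTR record at all
    forward_addrs = {ipaddress.ip_address(a) for a in forward(name)}
    if addr not in forward_addrs:
        return "paranoid", name       # name does not map back to the address
    return "known", name              # PTR and forward records agree

# Constructed sample zone data, so the demo runs without touching real DNS.
SAMPLE_PTR = {"192.0.2.10": "host10.example.net",
              "192.0.2.20": "mail.example.net"}
SAMPLE_A = {"host10.example.net": {"192.0.2.10"},
            "mail.example.net": {"198.51.100.7"}}

def demo():
    """Classify three constructed clients against the sample zone data."""
    fake_forward = lambda name: SAMPLE_A.get(name, set())
    clients = ("192.0.2.10", "192.0.2.20", "192.0.2.30")
    return {ip: classify(ip, SAMPLE_PTR.get, fake_forward) for ip in clients}

if __name__ == "__main__":
    for ip, (verdict, name) in demo().items():
        print(f"{ip:<12} {verdict:<9} {name or '-'}")
```

A "known" verdict only shows that the PTR and forward records agree; whoever controls both zones can make them agree.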