Bugtraq mailing list archives

Re: ProFTPd and reverse DNS


From: The Flying Hamster <hamster () vom tm>
Date: Sat, 8 Sep 2001 09:21:37 +0100

On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S. Hallacy wrote:
> Howdy,
>
>       Recently while browsing through security logs I noticed that quite a few of the hosts
> connecting to the machine did not resolve, I've checked into it, and apparently ProFTPd does
> not check forward to reverse DNS mappings, and only resolves the IP address connecting. This
> could easily lead to an attacker hiding his real hostname from logfiles, or an attacker
> slipping through ACL's by modifying their hostname. For the time being I recommend that the
> option 'UseReverseDNS' be disabled in the configuration file until this is fixed.

I note that other people are recommending mod_wrap and inetd mode; I
would also caution against relying on rDNS anyway.
 
> Unfortunately I was not able to contact anyone to discuss this, as www.proftpd.org has been
> down for the past 4-5 days that I've tried it, the version tested
> was 1.2.2rc2.

It has?  News to me.

For the record there are a significant number of mirror sites which
conform to the www.<isocode>.proftpd.org naming scheme (we cover about
26 countries now).  Bugs should be reported via
http://bugs.proftpd.org/

Security issues: security () proftpd org
Core team: core () proftpd org (please only use this for issues which
aren't appropriate to the mailing lists, security alias or the bug
system).

If you can raise a bug on this issue via the bugzilla interface I
would appreciate it.

   Mark


-- 
The Flying Hamster <hamster () suespammers org>         http://hamster.wibble.org/
I'm not a complete idiot, some parts are missing!
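
The forward-to-reverse check that the quoted report says is missing, shown as an added example; it is not part of the original message and is not ProFTPD code. The function names, the injectable resolver parameters and the sample records (documentation address ranges, invented hostnames) are assumptions made for illustration.

```python
import ipaddress
import socket


def system_reverse(ip):
    """PTR lookup: names the reverse zone claims for ip (set by whoever runs that zone)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup: addresses the forward zone publishes for name."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return [info[4][0] for info in infos]


def confirmed_name(ip, reverse=system_reverse, forward=system_forward):
    """Return a PTR name whose forward lookup includes ip, else None."""
    peer = ipaddress.ip_address(ip)
    for name in reverse(ip):
        for addr in forward(name):
            try:
                if ipaddress.ip_address(addr.split("%")[0]) == peer:
                    return name.rstrip(".").lower()
            except ValueError:
                continue  # resolver returned something that is not an address
    return None


def name_for_log_and_acl(ip, **resolvers):
    """Unconfirmed peers are recorded and matched by address only."""
    return confirmed_name(ip, **resolvers) or ip


# Constructed sample data (documentation address ranges, invented names).
PTR = {"192.0.2.10": ["ftp-client.example.org"],
       "198.51.100.7": ["trusted.example.org"]}   # PTR that does not confirm
FWD = {"ftp-client.example.org": ["192.0.2.10"],
       "trusted.example.org": ["203.0.113.5"]}    # where that name really points

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99"):
        print(ip, "->", name_for_log_and_acl(
            ip, reverse=lambda i: PTR.get(i, []), forward=lambda n: FWD.get(n, [])))
```

With the default resolvers the same functions query the system's DNS; a peer whose PTR name does not resolve back to its address is then logged and matched by IP address rather than by the claimed hostname.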

