Mailing List Archive



Re: [tlug] Slooooooow down: logs, smartctl, DNS? [SOLVED?]



Darren Cook writes:

 > A bit of googling on "address spoofing SSH" says it won't work; even if
 > you say you are 1.2.3.4 the server will reply to the real 1.2.3.4, not
 > to you.

True.  The potential problem is that in a dynamic DNS world, your
machine may have a reliable domainname, but not a reliable IP.  Thus
some identification mechanisms may filter on the domainname.
Roundtripping through the DNS will allow confirmation that the
domainname and IP actually do match, and that therefore the host's
address and domainname were set up by somebody with enough privilege to
manipulate DNS for that domain.  That's either a properly authorized
admin, or a very skilled cracker.

 > might work. But I still don't see how a DNS lookup changes anything: if
 > I can change the IP address on machine C I can also change the hostname.

No, you can't in the sense you mean here.  You can change the hostname
that the host knows, but you can't change its domainname (the hostname
that the DNS knows) to something you don't "own" in the DNS.  (Unless
you subvert the DNS itself, which since release of bind9 has become
much harder even without thorough implementation of DNSSEC.)

 > (I realize I must be misunderstanding something, somewhere, or sshd
 > wouldn't have the UseDns option :-)

In my experience, all these DNS roundtrip checks are much more
annoying than useful.  ISTM that even today, you're more likely to run
into a poorly configured DNS than a trivial spoofing attack that would
be caught by something like this.  But then, I don't really have that
much to protect, so perhaps the bad guys simply haven't bothered to
hit me where it hurts yet.

I found "the firewalls book" (Firewalls and Internet Security, by
Bellovin and Cheswick) to be really helpful in understanding these
issues.  I don't know if it has been revised since I bought it about
15 years ago :-), but even if not, the basic principles are very
clearly explained, and they have a number of rather entertaining
stories.
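The check the message above describes, a reverse lookup on the client's IP followed by a forward lookup on the returned name, is usually called forward-confirmed reverse DNS (FCrDNS), and it is what sshd's UseDNS performs before a hostname-based rule is trusted. Below is an added example implementing that round trip; it is not code from the original post or from OpenSSH. The zone records are constructed (documentation address ranges and example.net names) and the resolver is injected so the check runs offline; the two `live_*` functions at the bottom show what a real deployment would pass in instead.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check.

Added example, not code from the original post or from OpenSSH. Lookups are
injectable so the check runs offline against constructed records; the
socket-based variants at the bottom are what a live deployment would use.
"""
import ipaddress
import socket

# Constructed zone data for this example (not real hosts or addresses).
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
CONSTRUCTED_PTR = {
    "192.0.2.10": "good.example.net.",   # PTR and A agree (trailing dot as DNS returns it)
    "192.0.2.20": "bad.example.net",     # PTR claims a name whose A record points elsewhere
    "192.0.2.30": "orphan.example.net",  # PTR claims a name with no forward record at all
}
CONSTRUCTED_A = {
    "good.example.net": ["192.0.2.10"],
    "bad.example.net": ["198.51.100.5"],
}


def constructed_reverse(ip):
    """ip -> PTR name, or None (offline stand-in for socket.gethostbyaddr)."""
    return CONSTRUCTED_PTR.get(ip)


def constructed_forward(name):
    """name -> list of address strings (offline stand-in for socket.getaddrinfo)."""
    return CONSTRUCTED_A.get(name, [])


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def fcrdns(ip, reverse=constructed_reverse, forward=constructed_forward):
    """Return the confirmed domainname for ip, or None if it cannot be confirmed.

    1. PTR lookup (ip -> name). Whoever controls the reverse zone for the
       client's netblock can put any name here, so it proves nothing alone.
    2. Forward lookup of that name (name -> addresses). Only someone who
       controls the forward zone for that domain can make it include ip.
    3. Accept the name only if ip is among the forward results.
    """
    addr = ipaddress.ip_address(ip)  # ValueError on malformed input
    name = reverse(str(addr))
    if not name:
        return None
    name = normalize(name)
    try:
        forward_addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except ValueError:
        return None  # garbage in the forward answer: treat as unconfirmed
    return name if addr in forward_addrs else None


def allowed(ip, allow_domains, reverse=constructed_reverse, forward=constructed_forward):
    """Hostname-based allow rule of the kind that needs a UseDNS-style check.

    True only if the client's FCrDNS name is one of allow_domains or lies
    under one of them; a bare PTR match is deliberately not enough.
    """
    name = fcrdns(ip, reverse, forward)
    if name is None:
        return False
    suffixes = [normalize(d) for d in allow_domains]
    return any(name == d or name.endswith("." + d) for d in suffixes)


def live_reverse(ip):
    """Real PTR lookup via the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward(name):
    """Real A/AAAA lookup via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(client, "->", fcrdns(client), "allowed:", allowed(client, ["example.net"]))
```

The second and third constructed records are the failure modes the message alludes to: an attacker who controls only the reverse zone for their netblock can make the PTR say anything, but cannot make the forward zone for example.net answer with their address, so the name is rejected. The fourth address has no PTR at all, which is the "poorly configured DNS" case and is also rejected rather than guessed at.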

