Useless log message "POSSIBLE BREAK-IN ATTEMPT"

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sat, 28 Dec 2013, Kaz Kylheku wrote:

> 
> On 27.12.2013 14:52, Dan Mahoney, System Admin wrote:
> 
> On Thu, 26 Dec 2013, Dan Kaminsky wrote:
>             The deal is that IP addresses are useless, host
>             names are useful , but host name spoofing is
>             actually a real thing that real attackers do. So,
>             either you don't log, you log hacker controlled
>             data, or you UseDNS. OpenSSH, optimizing for
>             security, chooses the last of these options.
> 
> I think the point here is that there's no option for openSSH to then *drop 
> the connection* or refuse it.  OpenSSH *checks*, but does not 
> *enforce* anything.  Sendmail will refuse to relay if my forward and 
> reverse DNS don't match.  If I have an Allow From *.example.edu in 
> my apache config, apache requires them both to match or it won't 
> let me in.  OpenSSH will clutter my logs and do nothing else
> 
> Refusing such connections makes perfect sense in unauthenticated SMTP. Doing
> so will get rid of a large fraction of spam, with virtually no false
> positives.
> 
> It makes no sense in SSH. You'd never want to refuse a connection which has
> the correct password or key just because it came from an IP address that
> doesn't have reversible DNS.

..

> There is no reason for ssh to "use DNS" except in the client to resolve
> server addresses.


Sure you would, and I cited an example where you might.

However, here's my other question -- if you have such a restriction turned 
on (host-restricted config in sshd_config or authorized-keys), but UseDNS 
turned *off* will DNS still be used?  Or will turning UseDNS off basically 
break these features?

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux