I think this background about the origin of "security" through reverse lookup is helpful. Certainly not hurtful, which is what my old rant about its use on UUnet's FTP server might be.

John

On May 31, 2007, at 5:24 PM, Andrew Sullivan wrote:

Dear colleagues,

We received a suggestion that a short section outlining the history of
the use of reverse mapping in security contexts would be a good thing
to add to the reverse-mapping-considerations draft.  I have some
proposed text to add.  Before I add it, I'd like to ask for comments.
I am hoping that this text will be relatively uncontroversial, but if
it proves to be more contentious than the document has been already,
I'll cheerfully leave it out.



2.1 Historical origins of reverse mapping use in security

The growth of the Internet in the late 1980s and early 1990s brought
with it attackers who acquired access to machines without
authorization.  Many systems attached to the Internet up to that time
were poorly prepared for such attacks, and administrators were forced
to react using available resources rather than to redesign the network
to meet the new security challenges.

The popular TCP Wrapper package was originally conceived to discover
the network location of an attacker [Venema1992].  It used the reverse
mapping of a connecting host to provide the hostname of that host in
its output.

During the same period, the so-called "UNIX r* commands", like rlogin
[RFC1282] and [RFC1258], were widely used, in spite of warnings that
they were prone to abuse [Reid1987].  The r* commands allowed users to
employ a list of trusted hosts, from which connections would be
accepted and authenticated without password (sometimes called the
"rhosts authentication" mechanism).  The mechanism remained in
widespread use (in spite of known flaws) because of its convenience.
Since the list of trusted hosts was a simple list of hostnames or
addresses, an attacker could acquire access by intercepting the DNS
query for a hostname, and replying with the IP address from which the
attacker was making the rhosts authentication attempt.  (This was not
the only weakness in the mechanism, but it is the most relevant to
reverse mapping.)

In an effort to strengthen the rhosts authentication mechanism, the
TCP Wrapper package soon offered the ability to perform reverse
mapping matching checks.  If the reverse and forward mappings did not
match, the wrapper program would terminate the connection before
checking any of its other permissions.  This mechanism could be used
for all connections, on the grounds that forward and reverse
mismatches were an indication either that an attack was in progress,
or else that the network was badly managed, and therefore a likely
origin for attack.


Best regards,
Andrew


--
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<[EMAIL PROTECTED]>                              M2P 2A8
jabber: [EMAIL PROTECTED]                 +1 416 646 3304 x4110

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
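The forward/reverse matching check that the draft text attributes to TCP Wrapper is easy to state but worth seeing in code. The following is an added example, not text from the draft, from Andrew's mail, or from the TCP Wrapper package itself: a hypothetical reimplementation of the check (reverse-map the connecting address, forward-map the resulting name, and accept the name only if the original address is among the forward answers), followed by an rhosts-style trusted-host decision that runs the mismatch check before any other permission test. DNS answers come from a constructed lookup table using RFC 5737 documentation addresses, so the code runs offline; the `FakeDNS` class and all record values are assumptions for illustration.

```python
"""Forward-confirmed reverse mapping in the style of TCP Wrapper's
reverse/forward matching check.  Hypothetical reimplementation for
illustration; DNS answers come from a constructed table so that the
example runs offline."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class FakeDNS:
    """Constructed stand-in for a resolver: PTR and A records as dicts."""
    ptr: Dict[str, str] = field(default_factory=dict)      # address -> hostname
    a: Dict[str, List[str]] = field(default_factory=dict)  # hostname -> addresses

    def reverse(self, ip: str) -> Optional[str]:
        return self.ptr.get(ip)

    def forward(self, hostname: str) -> List[str]:
        return self.a.get(hostname.lower(), [])


def check_reverse_mapping(ip: str, dns: FakeDNS) -> Tuple[Optional[str], str]:
    """Return (hostname, reason).  hostname is set only when the PTR name
    resolves back to ip; otherwise it is None and reason says why, which is
    what a wrapper would log before dropping the connection."""
    name = dns.reverse(ip)
    if name is None:
        return None, "no reverse mapping for %s" % ip
    if ip not in dns.forward(name):
        return None, "host name/address mismatch: %s != %s" % (ip, name)
    return name, "ok"


def allow_connection(ip: str, trusted_hosts: List[str], dns: FakeDNS) -> bool:
    """Wrapper-style decision: a forward/reverse mismatch terminates the
    connection before the trusted-host list is consulted at all."""
    name, _reason = check_reverse_mapping(ip, dns)
    if name is None:
        return False
    return name.lower() in {h.lower() for h in trusted_hosts}


# Constructed records (RFC 5737 documentation ranges; not real hosts).
SAMPLE_DNS = FakeDNS(
    ptr={
        "192.0.2.10": "trusted.example.org",          # consistent pair
        "198.51.100.7": "trusted.example.org",        # PTR claims a trusted name
        "203.0.113.5": "badly-managed.example.net",   # PTR whose A record differs
    },
    a={
        "trusted.example.org": ["192.0.2.10"],
        "badly-managed.example.net": ["203.0.113.99"],
    },
)

TRUSTED = ["trusted.example.org"]


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.200"):
        name, reason = check_reverse_mapping(addr, SAMPLE_DNS)
        verdict = "allow" if allow_connection(addr, TRUSTED, SAMPLE_DNS) else "deny"
        print("%-14s %-5s %s" % (addr, verdict, reason))
```

The second sample address illustrates the point the draft makes: an attacker who controls only the reverse zone for their own address can make the PTR record claim any name, but the forward lookup of that name still points at the genuine host, so the mismatch is caught and the connection is refused before the trusted-host list is even read. The third address shows the "badly managed network" case, where nothing malicious need be going on but the wrapper still refuses. Note that the check's reliance on the forward zone means it is only as trustworthy as that zone's own resolution path.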
