Re: Strange message in logs

2000-04-15 Thread Chris Wagner
At 08:04 AM 4/12/00 +0200, Tamas TEVESZ wrote:
> > AFAIK, the hosts.* files only affect daemons run out of inetd, not
> > stand-alones.
>not true. they are used by any program which has libwrap support.

But is that enabled by default?  Or is modification required?  I did some
testing a while back and not every service rejected connections.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+---+



Re: Strange message in logs

2000-04-12 Thread Tamas TEVESZ
On Tue, 11 Apr 2000, Chris Wagner wrote:

 > AFAIK, the hosts.* files only affect daemons run out of inetd, not 
 > stand-alones.

not true. they are used by any program which has libwrap support.

-- 
[-]
kazmer at any cost ! ++ Minek olvasol linux-kezdot ha nem birod ? - sstu



Re: Strange message in logs

2000-04-12 Thread Chris Wagner
At 05:42 PM 4/10/00 +1000, Robert Ruzbacky wrote:
>Apr  9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11:
>can't verify hostname: gethostbyname(114.trusted.net) failed
>Apr  9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114

A lookup:
can't get "114.trusted.net" host entry.

PTR lookup: 
Official Name: 114.trusted.net
IP Address: 209.140.0.114

The frontways and reverse DNS must agree.  You must sync the DNS entries.

>Is this because my hosts.deny file is set to ALL: PARANOID 
Yes.

>Is there a way to "fix" this, as I am assuming that the machine that is
>denied access cannot
>access my server to browse a web page or send e-mail.  This message seems
>to crop up when someone tries to send email mainly.

AFAIK, the hosts.* files only affect daemons run out of inetd, not stand-alones.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+---+



Re: Strange message in logs

2000-04-10 Thread Phil Pennock
Typing away merrily, Robert Ruzbacky produced the immortal words:
> Apr  9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't 
> verify hostname: gethostbyname(114.trusted.net) failed
> Apr  9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114
> Apr  9 06:56:54 ns tcp-env[17346]: connect from murphy.debian.org
> Apr  9 06:58:38 ns tcp-env[17364]: warning: /etc/hosts.allow, line 11: can't 
> verify hostname: gethostbyname(114.trusted.net) failed
> Apr  9 06:58:38 ns tcp-env[17364]: refused connect from 209.140.0.114
> 
> 
> Is this because my hosts.deny file is set to ALL: PARANOID 

No.  Your DNS setup is broken.

% host -t ptr 209.140.0.114
Name: 114.trusted.net
Address: 209.140.0.114

% host 114.trusted.net
114.trusted.net does not exist (Authoritative answer)


You need forward DNS which matches the reverse.  Otherwise, an attacker
could do something like the following ...

goodppl.example.net has 192.168.1/24
badppl.example.net have 192.168.6/24

Set reverse DNS for 192.168.6.66 to point to ours.goodppl.example.net.

Hey presto, badppl can bypass all your filters easily, and nothing you
can do about it.

Matching forward and reverse DNS is a Good Thing(tm).
-- 
HTML email - just say no --> Phil Pennock
"We've got a patent on the conquering of a country through the use of force.
 We believe in world peace through extortionate license fees."  -Bluemeat
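
Added example, not part of the original thread: a simplified Python model (not libwrap's own code) of the forward-confirmed reverse DNS check behind `ALL: PARANOID`, run against the cases discussed above. The DNS tables, the address 192.168.1.10 and all function names are constructed for illustration.

```python
import socket

# Constructed DNS data so the example runs offline (not real records).
PTR = {"209.140.0.114": "114.trusted.net",          # PTR exists, as in the log
       "192.168.6.66": "ours.goodppl.example.net",  # reverse zone run by badppl
       "192.168.1.10": "ours.goodppl.example.net"}  # genuine host (assumed address)
A = {"ours.goodppl.example.net": ["192.168.1.10"]}  # no A record for 114.trusted.net

def live_reverse(ip):
    """PTR lookup via the system resolver (IPv4); None on failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_forward(name):
    """Forward lookup via the system resolver (IPv4); None on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return None

def classify(ip, reverse=PTR.get, forward=A.get):
    """Return (name, status): 'verified', 'unknown' (no PTR) or 'paranoid'."""
    name = reverse(ip)
    if not name:
        return None, "unknown"
    addrs = forward(name)
    if not addrs or ip not in addrs:   # forward lookup failed or disagrees
        return None, "paranoid"
    return name, "verified"

def access(ip, allow_suffix, check_forward=True, reverse=PTR.get, forward=A.get):
    """Simplified hosts.allow '.suffix' rule plus hosts.deny 'ALL: PARANOID'."""
    if check_forward:
        name, status = classify(ip, reverse, forward)
        if status == "paranoid":
            return "deny", "hosts.deny: ALL: PARANOID"
    else:
        name = reverse(ip)             # naive: trusts the PTR record alone
    if name and name.endswith(allow_suffix):
        return "allow", "hosts.allow"
    return "allow", "no rule matched"  # tcp wrappers grants access by default

if __name__ == "__main__":
    for ip in PTR:
        print(ip, access(ip, ".goodppl.example.net", check_forward=False),
              access(ip, ".goodppl.example.net"))
```

Pass `reverse=live_reverse, forward=live_forward` to run the same check against the system resolver instead of the constructed tables.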



Strange message in logs

2000-04-10 Thread Robert Ruzbacky
Hi!

I get the following error messages in my log:

Apr  9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't 
verify hostname: gethostbyname(114.trusted.net) failed
Apr  9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114
Apr  9 06:56:54 ns tcp-env[17346]: connect from murphy.debian.org
Apr  9 06:58:38 ns tcp-env[17364]: warning: /etc/hosts.allow, line 11: can't 
verify hostname: gethostbyname(114.trusted.net) failed
Apr  9 06:58:38 ns tcp-env[17364]: refused connect from 209.140.0.114


Is this because my hosts.deny file is set to ALL: PARANOID 

(this is the only line apart from comments and is line 9)


My hosts.allow has the following in line 11:

ALL: .mydomain.com.au

Is there a way to "fix" this, as I am assuming that the machine that is denied 
access cannot
access my server to browse a web page or send e-mail.  This message seems to 
crop up when someone tries to send email mainly.

I am running Debian 1.3 (but some parts are Hamm (eg: libraries are lib.so.6)), 
apache and qmail.




Rob...