Re: Strange message in logs
At 08:04 AM 4/12/00 +0200, Tamas TEVESZ wrote: AFAIK, the hosts.* files only affect daemons run out of inetd, not stand-alones. not true. they are ued by any program which has libwrap support. But is that enabled by default? Or is modification required. I did some testing a while back and not every service rejected connections. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Strange message in logs
On Tue, 11 Apr 2000, Chris Wagner wrote: AFAIK, the hosts.* files only affect daemons run out of inetd, not stand-alones. not true. they are ued by any program which has libwrap support. -- [-] kazmer at any cost ! ++ Minek olvasol linux-kezdot ha nem birod ? - sstu
Strange message in logs
Hi! I get the following error messages in my log: Apr 9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed Apr 9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114 Apr 9 06:56:54 ns tcp-env[17346]: connect from murphy.debian.org Apr 9 06:58:38 ns tcp-env[17364]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed Apr 9 06:58:38 ns tcp-env[17364]: refused connect from 209.140.0.114 Is this because my hosts.deny file is set to ALL: PARANOID (this is the only line apart from comments and is line 9) My hosts.allow has the following in line 11: ALL: .mydomain.com.au Is there a way to fix this, as I am assuming that the machine that is denied access cannot access my server to browse a web page or send e-mail. This message seems to crop up when someone tries to send email mainly. I am running Debian 1.3 (but some parts are Hamm (eg: libraries are lib.so.6), apache and qmail. Rob...
Re: Strange message in logs
Typing away merrily, Robert Ruzbacky produced the immortal words: Apr 9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed Apr 9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114 Apr 9 06:56:54 ns tcp-env[17346]: connect from murphy.debian.org Apr 9 06:58:38 ns tcp-env[17364]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed Apr 9 06:58:38 ns tcp-env[17364]: refused connect from 209.140.0.114 Is this because my hosts.deny file is set to ALL: PARANOID No. Your DNS setup is broken. % host -t ptr 209.140.0.114 Name: 114.trusted.net Address: 209.140.0.114 % host 114.trusted.net 114.trusted.net does not exist (Authoritative answer) You need forward DNS which matches the reverse. Otherwise, an attacker could do something like the following ... goodppl.example.net has 192.168.1/24 badppl.example.net have 192.168.6/24 Set reverse DNS for 192.168.6.66 to point to ours.goodppl.example.net. Hey presto, badppl can bypass all your filters easily, and nothing you can do about it. Matching forward and reverse DNS is a Good Thing(tm). -- HTML email - just say no -- Phil Pennock We've got a patent on the conquering of a country through the use of force. We believe in world peace through extortionate license fees. -Bluemeat
