Hello managers,
I have been using tcp wrapper for rather a long time. But before, it was built
according to defaults. Yesterday I installed it with some options, among them
KILL_OPT = -DKILL_IP_OPTIONS
to protect against hosts that pretend to have someone else's host address.
Besides, (from README):
When compiled with -DPARANOID, the wrappers will always attempt to look
up and double check the client host name, and will always refuse
service in case of a host name/address discrepancy. This is a
reasonable policy for most systems.
Therefore, I consider such lines in the log file normal:
Sep 21 16:42:56 alpha telnetd[14228]: warning: can't verify hostname:
gethostbyname(host211.pl16.nsc.ru) failed
Sep 21 16:42:56 alpha telnetd[14228]: refused connect from 194.226.190.211
since host211.pl16.nsc.ru is not resolvable with the name server.
So, in this case the user has no access to required service.
Nevertheless, today I received such an entry in my log file:
Sep 22 12:59:20 alpha telnetd[6735]: connect from 195.46.96.17
without the refuse message. At the same time, in sialog there are such entries:
SIA:ERROR Tue Sep 22 13:00:33 1998
Failure to authenticate session for on /dev/ttyp4
SIA:ERROR Tue Sep 22 13:01:21 1998
Failure to authenticate session for (null) on /dev/ttyp4
(without user name (!) though it's rather telnet than ftp). So, I can judge
that this time the service *WAS ACCESSIBLE*, and only login procedure was
the last defence against violation.
The IP address 195.46.96.17 is not resolvable either.
I have neither /etc/hosts.deny nor /etc/hosts.allow.
I run "traceroute 195.46.96.17", and it ends with these lines:
11 Irkutsk1-S7.RoSprint.net (193.232.91.189) 507 ms * *
12 Irnet-One-gw.RoSprint.net (193.232.91.73) 1000 ms * 1596 ms
13 195.46.96.49 (195.46.96.49) 1183 ms !H 1525 ms !H 1718 ms !H
where the last address is different from the one I specified.
Your ideas about the situation will be much appreciated.
Thanks,
Irene
*************************************************************************
* *
* Irene A. Shilikhina e-mail: irene_at_alpha.iae.nsk.su *
* System administrator, *
* Institute of Automation & Electrometry, *
* Siberian Branch of Russian Academy of Sciences, *
* Novosibirsk, Russia *
* http://www.iae.nsk.su/~irene *
*************************************************************************
* * *
* Good intentions pave a path to * Every cloud has a silver lining. *
* the hell. * *
* * *
*************************************************************************
Received on Tue Sep 22 1998 - 08:50:12 NZST
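
An added example, not part of the original message and not tcp wrapper's own code: a sketch of the name/address double check that the README excerpt describes, with the resolver replaced by constructed lookup tables so it runs offline. The three verdict names, and in particular the treatment of an address with no reverse name as "unknown" rather than as a discrepancy, are assumptions about the wrapper's behaviour; the 192.0.2.x entries are made up.

```python
"""Sketch of a PARANOID-style name/address double check (added example)."""

# Constructed lookup tables standing in for DNS so the example runs offline.
# The first address and its name come from the log lines in the message;
# the 192.0.2.x entries are made-up documentation addresses.
PTR = {  # address -> name (reverse lookup)
    "194.226.190.211": "host211.pl16.nsc.ru",
    "192.0.2.10": "good.example.org",
    "192.0.2.20": "trusted.example.org",
    # 195.46.96.17 deliberately absent: no reverse name at all
}
A = {  # name -> addresses (forward lookup)
    "good.example.org": ["192.0.2.10"],
    "trusted.example.org": ["192.0.2.99"],
    # host211.pl16.nsc.ru deliberately absent: forward lookup fails
}


def double_check(addr, reverse=PTR.get, forward=A.get):
    """Return (hostname, verdict) for a client address.

    Assumed verdicts (hypothetical names, not the wrapper's own):
      "verified" - the name maps back to the connecting address
      "paranoid" - a name exists but cannot be confirmed, so refuse
      "unknown"  - no name to check, so no discrepancy is detected
    """
    name = reverse(addr)
    if name is None:
        return ("unknown", "unknown")
    addrs = forward(name)
    if not addrs or addr not in addrs:
        return (name, "paranoid")
    return (name, "verified")


def refused(addr):
    """Only a detected discrepancy is refused by the double check alone."""
    return double_check(addr)[1] == "paranoid"


if __name__ == "__main__":
    for ip in ("194.226.190.211", "195.46.96.17", "192.0.2.10", "192.0.2.20"):
        print(ip, double_check(ip), "refused" if refused(ip) else "passed on")
```

Under this assumption, an address with no reverse name is stopped only by an explicit access rule, for instance the `UNKNOWN` wildcard of hosts_access in /etc/hosts.deny.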