Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Slooooooow down: logs, smartctl, DNS? [SOLVED?]

Darren Cook writes:

 > The manual ([1]) says:
 >     UseDNS  Specifies whether sshd should look up the remote
 >        host name and check that the resolved host name for the
 >        remote IP address maps back to the very same IP address.
 >        The default is yes.
 > So it is more than just for logging. But what security hole, if any, is
 > being opened by switching it off? Is the answer different for a server
 > on a LAN, and one that is listening on a global IP?

It makes address spoofing a little bit easier.  In Dave's
applications, which AIUI are all intranet, I would prefer to set up
bind or /etc/hosts locally, and have an internal DNS that works
correctly, but not for security reasons.

The security hole is the same in both cases; an attacker may be able
to spoof a machine where authorized users are supposed to exist from a
machine where they should not.  Obviously, if there are direct routes
to the Internet you've dramatically increase the possibility of
spoofing.  If it's all on the LAN you should be safer, but for example
if Dave were seeing connections from a server box that shouldn't have
any active users on it, that would clue him that his LAN has been
subverted (perhaps by his daughter downloading AKB48 songs or
something like that).

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links