Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_4

Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: Internet Worm

Re: Internet Worm

F. L. Charles Seeger III (seegercis.ufl.edu)
Tue, 18 Oct 1994 21:09:46 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Abreau: "Re: chmod 000 .rhosts - works?"
Previous message: Mark W. Eichin: "Re: Internet Worm"
In reply to: jimTadpole.COM: "Re: Internet Worm"
Next in thread: jimTadpole.COM: "Re: Internet Worm"

+------ jimTadpole.COM wrote (Tue, 18-Oct-94, 13:57 -0500):
|
| Sun (at least in SunOS 4) didn't do any "mucking about" with
| libresolv and YP in libc.

Wrongo!.  Sun changed the semantics of the gethostbyaddr() resolver
function and changed several programs, including rlogin, to depend
on the changed semantics for security.

The change has gethostbyaddr() checking its result with a call to
gethostbyname(), i.e. checking that the DNS has both a PTR record
and a matching A record for that IP address and associated host name.
The intent is to prevent spoofing.  IMHO, this ought to be done
either in the application program or in a separate library call.

Regards,
Chuck

Next message: John Abreau: "Re: chmod 000 .rhosts - works?"
Previous message: Mark W. Eichin: "Re: Internet Worm"
In reply to: jimTadpole.COM: "Re: Internet Worm"
Next in thread: jimTadpole.COM: "Re: Internet Worm"