> Date: Thu, 24 Jan 2002 09:44:46 +1300 > From: Render-Vue <[EMAIL PROTECTED]>
> Jan 23 12:31:00 ns in.proftpd[17902]: warning: /etc/hosts.deny, line 57: > host name/address mismatch: 151.198.232.26 != mail.forhealers.com Mismatch between forward and reverse DNS: 151.198.232.26 --> mail.forhealers.com mail.forhealers.com --> 151.198.232.220 The differing IP addresses make it look like someone is trying to forge reverse DNS to gain access. For instance, let's say that you gave elevated privileges to "mail.forhealers.com". I configure 216.89.137.66 (one of my IP addresses) to resolve to "mail.forhealers.com", enabling me easy access. To thwart this, you verify the FQHN that I claim to be. The forward lookup gives 151.198.232.220, and catches me in the act. Somebody has screwed-up DNS, that's all. HTH, Eddy --------------------------------------------------------------------------- Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence --------------------------------------------------------------------------- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
