On Wednesday 28 November 2007, Dale wrote:
> Billy Holmes wrote:
> >
> > that's what the REMOTE machine will do after you connect to it, but
> > before you get a prompt. This can (normally) be configured on an
> > application basis to not do it.
>
> OK. I read most of it, what I could get a grip on anyway. Basically
> it looks to see if that IP address has a name too. Sort of silly but,
> whatever works I guess.

It does not stop there. It's usually used to prevent spoofing.
The complete process is more or less as follows: suppose you connect with
a spoofed IP address, then the remote end will do the reverse lookup to
find out your DNS name, do a forward lookup with the name it just found,
and see if the resulting IP is the one you are connecting from.

From man sshd_config:

     UseDNS  Specifies whether sshd(8) should look up the remote host name
             and check that the resolved host name for the remote IP address
             maps back to the very same IP address.  The default is ``yes''.

--
[EMAIL PROTECTED] mailing list
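
The reverse-then-forward check described in the message above, as an added example that is not part of the original thread and is not sshd's own code. The function names, the resolver parameters and the lookup tables are assumptions made for this sketch; the tables are constructed sample data using documentation address ranges.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; returns candidate names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:          # herror/gaierror: no PTR record or resolver failure
        return []

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def forward_confirmed(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name) for the address a client connected from."""
    client = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return ("no-reverse-name", None)
    for name in names:
        for addr in forward(name):
            try:
                # Compare parsed addresses, not strings, so differently
                # written IPv6 forms of the same address still match.
                if ipaddress.ip_address(addr) == client:
                    return ("confirmed", name)
            except ValueError:
                continue
    # The PTR record is controlled by whoever runs the reverse zone for the
    # address, so a name that does not map back must not be trusted.
    return ("mismatch", names[0])

# Constructed sample zones (hypothetical hosts, documentation addresses).
PTR = {"192.0.2.10": ["host.example.net"],
       "198.51.100.7": ["trusted.example.net"]}   # claimed name, not confirmed
A = {"host.example.net": ["192.0.2.10"],
     "trusted.example.net": ["192.0.2.99"]}

def sample_check(ip):
    return forward_confirmed(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, sample_check(ip))
```

Calling forward_confirmed(ip) without the two resolver arguments runs the same check against the system resolver.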