10-04-2004
I'm close to getting this resolved, thanks to your initial response, Hassan2.
I checked the man page on tcpd, which reports the following:
When looking up the client host name corresponding to an IP address, tcpd verifies the name that is returned by the DNS server by comparing it with the host name and address that are returned when the name is used to look up the corresponding IP address. This is known as a ``double reverse lookup''. If any discrepancy is detected, tcpd concludes that it is dealing with a host that is pretending to have someone else's host name.
The supplied version of tcpd was compiled with PARANOID defined, so that it will drop the connection in case of a host name/address mismatch.
Is it possible to edit hosts.allow with a valid subnet (or LIST of valid subnets) rather than each individual IP address?
Last edited by rm -r *; 10-04-2004 at 07:06 PM..
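The double reverse lookup quoted in the post above, as an added Python sketch (not part of the original post and not tcpd's own code). The DNS tables, host names and the `handle` / `double_reverse_lookup` functions are constructed for illustration, and treating a failed forward lookup as a mismatch is an assumption of this model.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), standing in for a resolver.
# Live equivalents would be socket.gethostbyaddr() and socket.gethostbyname_ex().
PTR = {
    "192.0.2.10": "app1.example.com.",
    "198.51.100.7": "trusted.example.com.",  # PTR set by the client's own reverse zone
    "203.0.113.5": "gone.example.com.",      # name with no forward record
}
A = {
    "app1.example.com": ["192.0.2.10", "192.0.2.11"],
    "trusted.example.com": ["192.0.2.50"],   # where the name really points
}

def double_reverse_lookup(addr, ptr_lookup=PTR.get, a_lookup=A.get):
    """Return (name, verdict): 'ok', 'unknown' (no PTR) or 'paranoid' (mismatch)."""
    name = ptr_lookup(addr)
    if not name:
        return None, "unknown"
    name = name.rstrip(".").lower()
    client = ipaddress.ip_address(addr)
    forward = [ipaddress.ip_address(a) for a in (a_lookup(name) or [])]
    # Assumption: a failed forward lookup counts as a mismatch, like a wrong address.
    return (name, "ok") if client in forward else (name, "paranoid")

def handle(addr, drop_on_mismatch=True):
    """drop_on_mismatch=True models a tcpd built with PARANOID defined."""
    name, verdict = double_reverse_lookup(addr)
    if verdict == "paranoid" and drop_on_mismatch:
        return "drop"
    # Otherwise the access tables are consulted with the verified name,
    # or with the 'unknown' / 'paranoid' wildcard in its place.
    return "check access tables as " + (name if verdict == "ok" else verdict)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, "->", handle(ip))
```

A client whose reverse zone claims a name it does not own (198.51.100.7 here) is dropped before any hosts.allow rule is read, which is why a legitimate host with stale or missing forward DNS is refused on such a build.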
tcpdmatch
TCPDMATCH(8) System Manager's Manual TCPDMATCH(8)
NAME
tcpdmatch - tcp wrapper oracle
SYNOPSIS
tcpdmatch [-d] [-i inet_conf] daemon client
tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
DESCRIPTION
tcpdmatch predicts how the tcp wrapper would handle a specific request for service. Examples are given below.
The program examines the tcpd access control tables (default /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For maximal accuracy, it extracts additional information from your inetd network configuration file.
When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands.
ARGUMENTS
The following two arguments are always required:
daemon A daemon process name. Typically, the last component of a daemon executable pathname.
client A host name or network address, or one of the `unknown' or `paranoid' wildcard patterns.
When a client host name is specified, tcpdmatch gives a prediction for each address listed for that client.
When a client address is specified, tcpdmatch predicts what tcpd would do when client name lookup fails.
Optional information specified with the daemon@server form:
server A host name or network address, or one of the `unknown' or `paranoid' wildcard patterns. The default server name is `unknown'.
Optional information specified with the user@client form:
user A client user identifier. Typically, a login name or a numeric userid. The default user name is `unknown'.
OPTIONS
-d Examine hosts.allow and hosts.deny files in the current directory instead of the default ones.
-i inet_conf
Specify this option when tcpdmatch is unable to find your inetd.conf network configuration file, or when you suspect that the program uses the wrong one.
EXAMPLES
To predict how tcpd would handle a telnet request from the local system:
tcpdmatch in.telnetd localhost
The same request, pretending that hostname lookup failed:
tcpdmatch in.telnetd 127.0.0.1
To predict what tcpd would do when the client name does not match the client address:
tcpdmatch in.telnetd paranoid
On some systems, daemon names have no `in.' prefix, or tcpdmatch may need some help to locate the inetd configuration file.
FILES
The default locations of the tcpd access control tables are:
/etc/hosts.allow
/etc/hosts.deny
SEE ALSO
tcpdchk(8), tcpd configuration checker
hosts_access(5), format of the tcpd access control tables.
hosts_options(5), format of the language extensions.
inetd.conf(5), format of the inetd control file.
AUTHORS
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
TCPDMATCH(8)
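A simplified model of the table lookup that tcpdmatch predicts, for the address-only case (client name lookup failed) and for subnet-style client patterns; this is an added example, not tcpdmatch's code. The two tables, the networks and the function names are constructed, and host name patterns, EXCEPT, user@ forms and rule options are left out.

```python
import ipaddress

# Constructed access tables. The client list shows the two address forms from
# hosts_access(5): a net/mask pair and a trailing-dot address prefix.
HOSTS_ALLOW = """
# telnet only from two internal ranges
in.telnetd: 192.168.10.0/255.255.255.0, 10.20.
"""
HOSTS_DENY = """
ALL: ALL
"""

def parse(table):
    """Yield (daemon_list, client_list, rule_text) for each rule line."""
    for raw in table.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split(), line

def addr_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # "10.20." matches 10.20.x.y
        return addr.startswith(pattern)
    if "/" in pattern:                        # n.n.n.n/m.m.m.m: (addr & mask) == net
        net, mask = pattern.split("/", 1)
        a, n, m = (int(ipaddress.IPv4Address(x)) for x in (addr, net, mask))
        return a & m == n
    return pattern == addr

def predict(daemon, addr):
    """hosts.allow is searched first, then hosts.deny; no match at all grants access."""
    for fname, table, verdict in (("hosts.allow", HOSTS_ALLOW, "granted"),
                                  ("hosts.deny", HOSTS_DENY, "denied")):
        for daemons, clients, line in parse(table):
            if (daemon in daemons or "ALL" in daemons) and \
                    any(addr_matches(p, addr) for p in clients):
                return verdict, fname, line
    return "granted", None, None

if __name__ == "__main__":
    for ip in ("192.168.10.77", "10.20.3.4", "10.2.3.4"):
        print(ip, predict("in.telnetd", ip))
```

Writing the two sample tables to hosts.allow and hosts.deny in an empty directory and running `tcpdmatch -d in.telnetd 192.168.10.77` there checks the same rule against the real wrapper.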