Bugtraq mailing list archives
Outdated DNS and syslog
From: hey_you () POWERTRIP NET (Aaron Schultz)
Date: Fri, 7 Nov 1997 11:25:58 -0800
Many large ISPs such as iadfw.net are still pointing their nameservers at
cache servers that apparently are pointed at other cache servers and so
on. If you are one of the people doing this you are in danger of not
being able to correctly identify and go after anyone who may attampt to
hack your system. Besides being a DNS issue this is a syslog issue since
most versions of syslog auto-lookup domain information and logs that
instead of the IP. I believe that there are probably patches for syslog
to log both IP and DNS lookups or just the IP, but the other solution is
going to a root DNS server for lookups - this way your data in your syslog
will be updated with who is REALLY connecting to your system instead of
outdated cache data. Perhaps the syslog deal isn't a true bug, but it is
definately something that should be thought about since most
administrators depend on those log files to see who is attempting to
connect.
=================================================================
Aaron Schultz - hey_you () powertrip net - www.powertrip.net/~master
In a world without fences, who needs Gates?
=================================================================
Current thread:
- Re: Intel Pentium Bug, (continued)
- Re: Intel Pentium Bug Travis Hassloch (Nov 11)
- Re: WARNING: Linux Intel Pentium Bug Alan Cox (Nov 08)
- Re: WARNING: Linux Intel Pentium Bug Roger Espel Llima (Nov 09)
- solaris (fwd) Rob Hagopian (Nov 09)
- Re: solaris (fwd) Corey Lindsly (Nov 09)
- Re: solaris (fwd) James Lockwood (Nov 09)
- Re: solaris (fwd) Dalvenjah FoxFire (Nov 09)
- Re: WARNING: Linux Intel Pentium Bug Kurt Seifried (Nov 07)
- Re: WARNING: Linux Intel Pentium Bug Tim Newsham (Nov 07)
- Re: WARNING: Linux Intel Pentium Bug Alan Cox (Nov 08)
- Outdated DNS and syslog Aaron Schultz (Nov 07)