Typing away merrily, Robert Ruzbacky produced the immortal words: > Apr 9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't > verify hostname: gethostbyname(114.trusted.net) failed > Apr 9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114 > Apr 9 06:56:54 ns tcp-env[17346]: connect from murphy.debian.org > Apr 9 06:58:38 ns tcp-env[17364]: warning: /etc/hosts.allow, line 11: can't > verify hostname: gethostbyname(114.trusted.net) failed > Apr 9 06:58:38 ns tcp-env[17364]: refused connect from 209.140.0.114 > > > Is this because my hosts.deny file is set to ALL: PARANOID
No. Your DNS setup is broken. % host -t ptr 209.140.0.114 Name: 114.trusted.net Address: 209.140.0.114 % host 114.trusted.net 114.trusted.net does not exist (Authoritative answer) You need forward DNS which matches the reverse. Otherwise, an attacker could do something like the following ... goodppl.example.net has 192.168.1/24 badppl.example.net have 192.168.6/24 Set reverse DNS for 192.168.6.66 to point to ours.goodppl.example.net. Hey presto, badppl can bypass all your filters easily, and nothing you can do about it. Matching forward and reverse DNS is a Good Thing(tm). -- HTML email - just say no --> Phil Pennock "We've got a patent on the conquering of a country through the use of force. We believe in world peace through extortionate license fees." -Bluemeat
