Wendy Palm
2003-Jun-06 18:10 UTC
bugtraq re: remote client address restriction circumvention
does anyone have a comment to make about this? (cert picked it up and we're being asked for a vendor response) http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0 do we have an "official" response yet? thanks, wendy -- wendy palm Cray Open Software Development, Cray Inc. wendyp at cray.com, 651-605-9154
Markus Friedl
2003-Jun-06 18:44 UTC
bugtraq re: remote client address restriction circumvention
On Fri, Jun 06, 2003 at 01:10:34PM -0500, Wendy Palm wrote:> does anyone have a comment to make about this? > (cert picked it up and we're being asked for a vendor response) > > http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0 > > do we have an "official" response yet?official response: If you depend on IP or DNS based access control, make sure VerifyReverseMapping is turned on in your sshd_config file. Otherwise there's not reason to care about this. In the current code/next release the VerifyReverseMapping option is deprecated and replaced by UseDNS. -m