bugtraq re: remote client address restriction circumvention

Markus Friedl markus at openbsd.org
Sat Jun 7 04:44:33 EST 2003


On Fri, Jun 06, 2003 at 01:10:34PM -0500, Wendy Palm wrote:
> does anyone have a comment to make about this?
> (cert picked it up and we're being asked for a vendor response)
> 
> http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0
> 
> do we have an "official" response yet?

official response:

	If you depend on IP or DNS based access control,
	make sure VerifyReverseMapping is turned on
	in your sshd_config file.

	Otherwise there's not reason to care about this.

In the current code/next release the VerifyReverseMapping option
is deprecated and replaced by UseDNS.

-m




More information about the openssh-unix-dev mailing list