Xymon Mailing List Archive search

security hole? server masquerade

3 messages in this thread

list Ye-fee Liang · Thu, 29 Nov 2007 17:05:44 -0500 (EST) · 
We have 2 servers:

1.2.3.4   servera
  4.5.6.8   serverb
   
  During DR(discovery test), we changed the local name of serverb to servera,
  to perform test to see that servera applications have been recovered.
  
So, externally both return pings to their original name.  However, when 
logging into serverb, the uname -a returns servera.

The change was done by changing /etc/hosts and uname.
4.5.6.8  serverb  servera
   
  When the hobbit client is running on serverb, all processes have servera 
  in them.  Hobbit server starts to report serverb status as servera !!

Doesn't the hobbit server check that the ip of the reporting server (serverb)
and reject it, since it does not match the ip address of servera?
   
  
Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail
list Larry Barber · Fri, 30 Nov 2007 15:29:49 -0600 · 
Check out the --status-senders argument to hobbitd on the hobbitd man page.

Thanks,
Larry Barber
quoted from Ye-fee Liang

On Nov 29, 2007 4:05 PM, ye-fee liang <user-1626c7b75791@xymon.invalid> wrote:

We have 2 servers:

1.2.3.4   servera
4.5.6.8   serverb

During DR(discovery test), we changed the local name of serverb to
servera,
to perform test to see that servera applications have been recovered.

So, externally both return pings to their original name.  However, when
logging into serverb, the uname -a returns servera.

The change was done by changing /etc/hosts and uname.
4.5.6.8  serverb  servera

When the hobbit client is running on serverb, all processes have servera
in them.  Hobbit server starts to report serverb status as servera !!

Doesn't the hobbit server check that the ip of the reporting server
(serverb)
and reject it, since it does not match the ip address of servera?


Be smarter than spam. See how smart SpamGuard is at giving junk email the

boot with the *All-new Yahoo! Mail *<http://ca.promos.yahoo.com/newmail/overview2/>;
list Henrik Størner · Fri, 30 Nov 2007 22:33:27 +0100 ·
quoted from Ye-fee Liang
On Thu, Nov 29, 2007 at 05:05:44PM -0500, ye-fee liang wrote:
Doesn't the hobbit server check that the ip of the reporting server (serverb)
and reject it, since it does not match the ip address of servera?
   
Short answer: No.

Slightly longer answer: See the hobbitd(8) man-page, the "--status-senders" option.


Henrik