diff options
author | Niels Provos <provos@cvs.openbsd.org> | 1999-10-03 21:50:05 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1999-10-03 21:50:05 +0000 |
commit | dce30fe4c3eed210d1830b1bb7d5434ad4f15607 (patch) | |
tree | 2d57dbe7a3d712ad0e757a1b39965798ed6c67ba /usr.bin/ssh/compress.h | |
parent | 99b7880be93ded91810507804eb4226b2ee29edd (diff) |
add code to detect DNS spoofing:
the main idea is to not only store the host key for the hostname but
also for the according IP address. When we check the host key in the
known_hosts file, we also check the key against the according IP address.
When the server key changes, host_status = HOST_CHANGED. If
check_host_in_hostfile() returns differing status for the IP address
that means that either DNS was spoofed or that the IP address
for the host and the host key changed at the same time.
Diffstat (limited to 'usr.bin/ssh/compress.h')
0 files changed, 0 insertions, 0 deletions