
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Thu, Apr 19, 2001 at 11:46:11PM +1000, Daniel Stone wrote:
> > I.E., nothing.  Give me an example of one situation where this would
> > accomplish more than stalling an attacker for a few seconds.
> 
> So:
> 203.36.158.121->scriptkiddie.fuckyou.microsoft.com
> scriptkiddie.fuckyou.microsoft.com->NXDOMAIN
> If I have control over the 203.36.158.* reverse DNS (Telstra are stupid
> enough to not be able to delegate the part of it that's mine, I've long 
> stopped caring), and I could easily have, all you would log is a connection
> from scriptkiddie.fuckyou.microsoft.com.

No.  I'd log a connection from 203.36.158.121.  My box would resolve this
(correctly) to scriptkiddie.fuckyou.microsoft.com but that's hardly relevant,
since IP addresses are logged and not hostnames (I've already asked for an
example of a service that only logs hostnames and people have yet to provide
it.)

xinetd logs IP addresses
ssh logs IP addresses
Linux logs IP addresses (in lastlog)
tcpd logs IP addresses (when not running in PARANOID mode and hostname
doesn't match IP address)

So, which services are we protecting?

> And, if someone's DNS is that legitimately broken, someone needs to
> seriously LART the person doing the DNS with a clue-by-four. Otherwise
> no-one will realise, because nothing will break. But it SHOULD break, if
> something's that fucked up.

Why should it break?  Who says DNS must be correctly configured?  Why do you
advocate that we should rely on DNS information at all?  What's so special
about it?  It's an insecure protocol that runs on (for the most part)
insecure software.

> > After hearing things like this it's not hard for me to understand why a lot
> > of people hate Debian Developers and think they're all assholes.
> 
> Some more than others. All have different ways of making a point - some very
> diplomatic (imho not the best way), some reasonably forceful (pretty good
> idea), and some just calling the other a "fuckwit" (not the best idea in
> some situations).

It wasn't his way of making the point, it was the point itself.

--Adam

--
Adam McKenna  <adam@debian.org>  <adam@flounder.net>
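As an added illustration (not part of this thread or of tcp_wrappers itself), here is the forward-confirmed reverse DNS check that `ALL: PARANOID` relies on, run against a constructed resolver table that holds the spoofed PTR from the quoted example; the tables, function names and the `paranoid_rule` switch are assumptions made for the demonstration.

```python
from typing import Dict, List, Optional

# Constructed stand-in for DNS answers (not real records). 203.36.158.121 has an
# attacker-chosen PTR whose name has no A record; .123 has a PTR pointing at a
# name that forward-resolves elsewhere; .122 is a consistent host.
PTR_TABLE: Dict[str, str] = {
    "203.36.158.121": "scriptkiddie.fuckyou.microsoft.com",
    "203.36.158.122": "host122.example.net",
    "203.36.158.123": "www.example.org",
}
A_TABLE: Dict[str, List[str]] = {
    "host122.example.net": ["203.36.158.122"],
    "www.example.org": ["198.51.100.7"],
}


def reverse_lookup(ip: str) -> Optional[str]:
    """Stand-in for gethostbyaddr(); None models NXDOMAIN."""
    return PTR_TABLE.get(ip)


def forward_lookup(name: str) -> List[str]:
    """Stand-in for gethostbyname(); an empty list models NXDOMAIN."""
    return A_TABLE.get(name, [])


def paranoid_check(ip: str, paranoid_rule: bool = True) -> dict:
    """Reverse-resolve ip, then confirm the name maps back to ip.

    The client address is always recorded; the hostname is only kept when the
    forward lookup of the PTR name contains the original address. With a
    PARANOID rule in place a mismatch denies the connection, otherwise it is
    only noted.
    """
    name = reverse_lookup(ip)
    if name is None:
        # No PTR at all: nothing to confirm, the address is what gets logged.
        return {"ip": ip, "hostname": None, "mismatch": False, "allowed": True}
    confirmed = ip in forward_lookup(name)
    return {
        "ip": ip,
        "hostname": name if confirmed else None,
        "mismatch": not confirmed,
        "allowed": confirmed or not paranoid_rule,
    }


def log_line(result: dict) -> str:
    """Build the log entry: the address always, the name only when confirmed."""
    who = result["ip"] if result["hostname"] is None else f"{result['hostname']} [{result['ip']}]"
    note = " host name/address mismatch" if result["mismatch"] else ""
    return f"connect from {who}{note}"
```

Running the spoofed address through `paranoid_check` shows the mismatch being recorded against the IP, which is the point made above: the forged name never becomes the logged identity.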


