Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

To: debian-devel@lists.debian.org
Subject: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
From: Adam McKenna <adam@debian.org>
Date: Fri, 20 Apr 2001 12:08:55 -0700
Message-id: <[🔎] 20010420120855.Z7546@flounder.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20010420135750.A26919@pimlott.ne.mediaone.net>; from andrew@pimlott.ne.mediaone.net on Fri, Apr 20, 2001 at 01:57:50PM -0400
References: <[🔎] 20010418091902.O12115@flounder.net> <[🔎] 20010418164841.C12115@flounder.net> <[🔎] 20010418165750.U4217@osdlab.org> <[🔎] 01041903332300.00329@lain> <[🔎] 20010418204742.C16792@ucsd.edu> <[🔎] 20010419082418.D15227@osdlab.org> <[🔎] 20010420021412.A29144@azure.humbug.org.au> <[🔎] 20010420135750.A26919@pimlott.ne.mediaone.net>

On Fri, Apr 20, 2001 at 01:57:50PM -0400, Andrew Pimlott wrote:
> It remains of course that some other services may log the wrong
> thing.  But 1. Adam showed that most services log IP addresses, and
> 2. even if you deny PARANOID, a clever attacker can probably fool
> the other service using DJB's technique.

The fact that "who" and "finger" do not show the correct hostnames in this
case is a compelling argument for keeping the paranoid checks in for now,
BUT, this should be addressed as a shortcoming in these programs, and not
swept under the rug.  Both obtain obtain their data from the system utmp/wtmp 
files which do contain the IP addresss.

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to:

Follow-Ups:
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: andrew@pimlott.ne.mediaone.net (Andrew Pimlott)

References:
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Nathan Dabney <smurf@osdlab.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Eloi Granado <kaneda@omega.resa.es>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Nathan Dabney <smurf@osdlab.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: andrew@pimlott.ne.mediaone.net (Andrew Pimlott)

Prev by Date: Re: Cryptic messages from installers
Next by Date: Re: chroot bind?
Previous by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Index(es):
- Date
- Thread