[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default


Quoting PiotR (piotr@omega.resa.es):
> Having ALL: PARANOID in /etc/hosts.deny only causes problems and doesn't 
> provide any special security. Its very annoing when you can't access some 
> server because this. Or worse, the clients doesn't accept the server stuff.
You're right. it doesn't provide special security.
It providers very normal security; reasonable certainty that hosts
connecting to your services are 'sane' in the sense that they have both a
valid DNS entry, and a valid reverse DNS entry to match. 

> I strongly believe that this should be removed in posterior releases of 
> debian O.S ?what do you think?
I don't agree :)

	(who thinks 'ALL: PARANOID' is the only thing /etc/hosts.deny is 
	 useful for)

			      Linux Generation
   encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
 "There are two major products that come out of Berkeley: LSD and UNIX. We
	don't believe this to be a coincidence." -- Jeremy Anderson

Reply to: