
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



Robert van der Meulen <rvdm@cistron.nl> writes:

> It provides very normal security; reasonable certainty that hosts
> connecting to your services are 'sane' in the sense that they have both a
> valid DNS entry, and a valid reverse DNS entry to match. 

What security does this give you, seriously?  I can't see that it
gives you any security at all, but it does block clients from (say)
people on company networks that don't do reverse DNS for internal
machines.

It only gives you security if you're blocking services based on
hostname, since otherwise someone not authoritative for your domain
could set up reverse DNS matching that host name.  But if you aren't
doing that (and you shouldn't), it gives you nothing.

-- 
Alan Shutko <ats@acm.org> - In a variety of flavors!
Stupidity is its own reward.
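
The check debated in this thread, sketched as an added example (not part of the original message and not tcp_wrappers' own code): a reverse lookup followed by a forward lookup that must return the connecting address. The function names and the sample DNS records are constructed so the example runs offline.

```python
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def paranoid_verdict(ip, reverse=system_reverse, forward=system_forward):
    """Return (allowed, reason) for a connecting address."""
    name = reverse(ip)
    if name is None:
        return (False, "no reverse DNS entry")
    if ip not in forward(name):
        return (False, f"{name} does not resolve back to {ip}")
    return (True, f"{name} and {ip} agree")

# Constructed sample records (documentation address ranges and names).
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.org",         # consistent both ways
    "203.0.113.7": "trusted.example.com",     # PTR claims a name in another zone
    "198.51.100.66": "anything.example.net",  # consistent; owner runs both zones
}
SAMPLE_A = {
    "mail.example.org": {"192.0.2.10"},
    "trusted.example.com": {"198.51.100.5"},
    "anything.example.net": {"198.51.100.66"},
}

def demo():
    """Verdict per client; 10.1.2.3 stands for an internal host with no PTR."""
    clients = ["192.0.2.10", "203.0.113.7", "198.51.100.66", "10.1.2.3"]
    forward = lambda name: SAMPLE_A.get(name, set())
    return {ip: paranoid_verdict(ip, SAMPLE_PTR.get, forward)[0] for ip in clients}

if __name__ == "__main__":
    for ip, allowed in demo().items():
        print(ip, "allowed" if allowed else "denied")
```

The mismatched PTR for 203.0.113.7 is the only case where the check protects a hostname-based rule; 198.51.100.66 passes on nothing more than self-consistent DNS, and 10.1.2.3 is refused solely because its network publishes no reverse entry.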


