
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, 18 Apr 2001, Alan Shutko wrote:

> What security does this give you, seriously?  I can't see that it
> gives you any security at all, but it does block clients from (say)
> people on company networks that don't do reverse DNS for internal
> machines.

They should hire a less crappy network admin, then, and set up reverse
DNS. (Or use a better ISP.)

> It only gives you security if you're blocking services based on
> hostname, since otherwise someone not authoritative for your domain
> could set up reverse DNS matching that host name.  But if you aren't
> doing that (and you shouldn't), it gives you nothing.

It ensures that machines are who they claim they are, which is already
something. Plus, how many people set up their machines to include IP-based
access lists? So the paranoia thingie is better than nothing, and combined
with name-based access lists, it's a necessity.

 "But since you asked: I am like a hunter of peace, one who chases the
  elusive mayfly of love. - Well, something like that." -- Trigun
  Echelon Bait v2.0: Biological assassination of terrorism in trade center
  anthrax nuclear plutonium weapon poison president islam bush.
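
Added example, not part of the original message and not tcp wrappers code: a sketch of the name/address consistency check the thread is debating, showing how a hostname-based access rule that trusts the reverse lookup alone differs from one that also confirms the forward lookup. The lookup tables, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not real records.
PTR = {
    "192.0.2.10": "www.example.org",        # reverse and forward records agree
    "198.51.100.7": "trusted.example.org",  # PTR published by the address owner,
                                            # who is not authoritative for example.org
}
A = {
    "www.example.org": ["192.0.2.10"],
    "trusted.example.org": ["192.0.2.20"],  # the real host lives elsewhere
}

def reverse_lookup(addr):
    """Hypothetical stand-in for a PTR query; returns a name or None."""
    return PTR.get(addr)

def forward_lookup(name):
    """Hypothetical stand-in for an A query; returns a list of addresses."""
    return A.get(name.lower().rstrip("."), [])

def classify(addr, reverse=reverse_lookup, forward=forward_lookup):
    """Return (state, name); state is 'consistent', 'mismatch' or 'no-reverse'."""
    ip = ipaddress.ip_address(addr)
    name = reverse(str(ip))
    if not name:
        return ("no-reverse", None)       # e.g. internal hosts without reverse DNS
    confirmed = {ipaddress.ip_address(a) for a in forward(name)}
    if ip in confirmed:
        return ("consistent", name)       # name maps back to the connecting address
    return ("mismatch", name)             # claimed name does not own this address

def naive_name_rule_allows(addr, allowed_names):
    """Name-based rule that believes whatever the reverse lookup says."""
    name = reverse_lookup(addr)
    return name is not None and name.lower() in allowed_names

def name_rule_allows(addr, allowed_names):
    """Name-based rule applied only after the consistency check passes."""
    state, name = classify(addr)
    return state == "consistent" and name.lower() in allowed_names

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(addr, classify(addr),
              "naive:", naive_name_rule_allows(addr, {"trusted.example.org"}),
              "checked:", name_rule_allows(addr, {"trusted.example.org"}))
```
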
