[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, 18 Apr 2001, Andrew Pimlott wrote:

> > Quoting Andrew Pimlott (andrew@pimlott.ne.mediaone.net):
> > > PARANOID is there for people who want to do DNS hostname based
> > > authentication and have it be slightly less broken.  That's it.  Can
> > > anyone else document a real case in which denying based on PARANOID
> > > helped?
> > There is no such thing as DNS hostname based authentication.
> ???  What do you call rsh?  It doesn't use only the DNS hostname for
> authentication, of course, but DNS hostname is a critical part.
> > Can you give an example where you would want to allow access from an
> > inconsequently configured machine, that is run by someone who doesn't know
> > how to configure DNSs ?
> Anytime I use a machine on a misconfigured network and want to log
> on to my home PC.  This happens quite often: every time I use a
> computer at a client site, or a school lab, or a friend's house,
> there's a real chance that I'm on a misconfigured network.

You use rsh on such sites?! Telnet? Then removing all: paranoid is really
not going to aversely affect your security ;)

 "But since you asked: I am like a hunter of peace, one who chases the
  elusive mayfly of love. - Well, something like that." -- Trigun
  Echelon Bait v2.0: Biological assassination of terrorism in trade center
  anthrax nuclear plutonium weapon poison president islam bush.

Reply to: