
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Wed, 18 Apr 2001, Andrew Pimlott wrote:

> > Quoting Andrew Pimlott (andrew@pimlott.ne.mediaone.net):
> > > PARANOID is there for people who want to do DNS hostname based
> > > authentication and have it be slightly less broken.  That's it.  Can
> > > anyone else document a real case in which denying based on PARANOID
> > > helped?
> > There is no such thing as DNS hostname based authentication.
>
> ???  What do you call rsh?  It doesn't use only the DNS hostname for
> authentication, of course, but DNS hostname is a critical part.
>
> > Can you give an example where you would want to allow access from an
> > inconsequently configured machine, that is run by someone who doesn't know
> > how to configure DNSs?
>
> Anytime I use a machine on a misconfigured network and want to log
> on to my home PC.  This happens quite often: every time I use a
> computer at a client site, or a school lab, or a friend's house,
> there's a real chance that I'm on a misconfigured network.

You use rsh on such sites?! Telnet? Then removing all: paranoid is really
not going to adversely affect your security ;)





-- 
 "But since you asked: I am like a hunter of peace, one who chases the
  elusive mayfly of love. - Well, something like that." -- Trigun
  Echelon Bait v2.0: Biological assassination of terrorism in trade center
  anthrax nuclear plutonium weapon poison president islam bush.


