[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, Apr 18, 2001 at 11:03:31PM +0200, Nils Jeppe wrote:
> You use rsh on such sites?! Telnet? Then removing all: paranoid is really
> not going to aversely affect your security ;)

tcpd was originally designed to "protect" (heh) people using .rhosts files 
and rlogin/rsh to allow remote logins without a password.  If you are doing 
this, then hostname-based security is desirable (despite the fact that it's 
not actually achievable, due to security problems with DNS).

Paranoid checks really don't gain you anything today, and what little extra
security they provide is far outweighed by the problems they cause.


Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to: