Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Wed, Apr 18, 2001 at 11:03:31PM +0200, Nils Jeppe wrote:
> You use rsh on such sites?! Telnet? Then removing all: paranoid is really
> not going to aversely affect your security ;)
tcpd was originally designed to "protect" (heh) people using .rhosts files
and rlogin/rsh to allow remote logins without a password. If you are doing
this, then hostname-based security is desirable (despite the fact that it's
not actually achievable, due to security problems with DNS).
Paranoid checks really don't gain you anything today, and what little extra
security they provide is far outweighed by the problems they cause.
--Adam
--
Adam McKenna <adam@debian.org> <adam@flounder.net>
Reply to: