Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Thu, Apr 19, 2001 at 04:59:37AM +0200, Robert van der Meulen wrote:
> Quoting PiotR (email@example.com):
> > Seriously, i think you are missing the contact with reality in this issue.
> > When you start compromising usability in favor of security, you are beening
> > PARANOID.. And that is what is wrong in /etc/hosts.deny. Specially when we
> > are talking about DEBIAN DEFAULTS!
> what's 'beening' ?
I misstyped beeing.
> We're not sacrificing usability in favor of security, we're sacrificing
> usability-for-some for security-for-lots. Apart from that we're doing The
> Right Thing by assuming an 'honest' host has a correct dns entry, like all
Honest??? I personaly haven't heard of any osi layer called "network ethics" ;-D
> hosts should have.
> Removing it would mean more usability for you, less for me. I wonder if
What usability is for you to deny access to clients? Maybe to go up ten floors up to your server that doesn't accept telnet conexions is a sport issue. Not for me.
> they're more people with broken DNS entries than those with working ones...
Who knows, at least there are some, maybe a they are a lot.
Please, note that at least 80% of Internet conexion are particular users. And since they don't own the whole network, they don't have control over their dns entry. I think most of you that are in favor of not changing it, don't think about this issue.
I believe this PARANOID harms the weaks, and do nothing more. No security enhacement. ( Proove it! ).
> > Note that the majority of debian users don't have to be networking gurus by
> > default.
> I would like to know how knowing what 'ALL: PARANOID' means makes you a
> networking guru ;)
Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/