
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Wed, Apr 18, 2001 at 11:25:23PM -0700, Adam McKenna wrote:
> I think that the main point people are missing here is that in order for 
> PARANOID to be anything other than an annoyance, it MUST co-exist with
> hostname-based rules.

*YES*, this is correct! All those making silly statements about the
security added by PARANOID should read the above. Study it carefully.
Think about what security *used to be* at the time TCP wrappers were
invented. Consider that some implementation of rshd *did not confirm
that clients' reverse maps were in any way valid* and the resultant ease
of access to such rshd's. *Of course* our rshd doesn't have that
problem; even more importantly, we consider .rhosts authentication
useless for far more reasons than can be fixed in TCP wrappers. But we
insist on dragging this relic known as PARANOID for a plethora of
misbegotten reasons. Reality check: PARANOID is *not* there to make
audit trails better. At a minimum, such checks should be done with IPs.
Yes, IPs can be spoofed. But spoofing DNS is generally *even more
trivial, with or without PARANOID.* Suggesting that DNS records should
be used as a basis for such checks is dangerously misleading.

Now I'm sure some people will argue that PARANOID helps the clueless who
don't know that DNS is trivially spoofed. But you can't have it both
ways--you can't argue that PARANOID is good even though less experienced
admins will have hard-to-diagnose problems, and that such admins need a
lart, and then argue that PARANOID is undeniably necessary because it
adds a shred of *false confidence* for clueless admins. Which of the two
clueless admins is being led into *dangerous* territory?

-- 
Mike Stone
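
The point quoted at the top of this message, that the name/address consistency test only changes an outcome when a rule matches on hostnames, can be seen in a small model. This is an added example, not part of the original post and not TCP wrappers' own code; the zone data, rule format and function names are constructed for illustration and no network lookups are made.

```python
# Constructed DNS data using documentation address ranges.
PTR = {  # reverse zone: published by whoever controls the address block
    "192.0.2.10": "trusted.example.com",    # the real trusted host
    "203.0.113.66": "trusted.example.com",  # foreign block whose PTR claims that name
    "198.51.100.7": "dialup7.example.net",  # consistent, but not a listed host
}
A = {  # forward zone: published by whoever controls the domain
    "trusted.example.com": {"192.0.2.10"},
    "dialup7.example.net": {"198.51.100.7"},
}


def checked_name(ip, verify):
    """Return the client name a rule may match on, or None.

    With verify=True the PTR name is kept only if its forward lookup
    contains ip (the name/address consistency test discussed above).
    """
    name = PTR.get(ip)
    if name is None:
        return None
    if verify and ip not in A.get(name, set()):
        return None
    return name


def allowed(ip, rule, verify):
    """rule is ("host", name) or ("addr", ip): a one-entry allow list."""
    kind, value = rule
    if kind == "addr":
        return ip == value  # the client name is never consulted
    return checked_name(ip, verify) == value


def decisions(rule):
    """Map each client IP to (allowed without the test, allowed with it)."""
    return {ip: (allowed(ip, rule, False), allowed(ip, rule, True)) for ip in PTR}


if __name__ == "__main__":
    for rule in (("host", "trusted.example.com"), ("addr", "192.0.2.10")):
        print(rule, decisions(rule))
```

Only the hostname rule produces a differing pair, for the address whose reverse record claims a name its forward zone does not confirm; under the address rule the two columns are identical for every client.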
