Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Thu, Apr 19, 2001 at 12:47:33AM -0700, Adam McKenna wrote:
> On Thu, Apr 19, 2001 at 05:35:08PM +1000, Craig Sanders wrote:
> > by itself, it's effectively "allow connections from anywhere except from
> > clients playing silly-buggers with their .in-addr.arpa PTR records"
> I.E., nothing.  Give me an example of one situation where this would
> accomplish more than stalling an attacker for a few seconds.

If I have control over the 203.36.158.* reverse DNS (Telstra are stupid
enough to not be able to delegate the part of it that's mine, I've long 
stopped caring), and I could easily have, all you would log is a connection
from scriptkiddie.fuckyou.microsoft.com.

You see?

And, if someone's DNS is that legitimately broken, someone needs to
seriously LART the person doing the DNS with a clue-by-four. Otherwise
no-one will realise, because nothing will break. But it SHOULD break, if
something's that fucked up.

> > > So we can be pedantic and enforce "correct" DNS configuration?  That's
> > > a bullshit reason.
> > 
> > it's not why we're doing it, but it's not a bad reason all the same.
> After hearing things like this it's not hard for me to understand why a lot
> of people hate Debian Developers and think they're all assholes.

Some more than others. All have different ways of making a point - some very
diplomatic (imho not the best way), some reasonably forceful (pretty good
idea), and some just calling the other a "fuckwit" (not the best idea in
some situations).


Daniel Stone
Linux Kernel Developer
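The check the thread is arguing about, as an added example that is not part of the original mail or of tcp_wrappers itself: a forward-confirmed reverse DNS lookup in the spirit of the PARANOID wildcard, run against constructed, hypothetical resolver tables so it executes offline. It assumes the semantics hosts_access(5) documents (PARANOID matches a client whose PTR name does not resolve back to its address; a client with no PTR at all is UNKNOWN rather than PARANOID); the function and table names are mine. The point it illustrates is the defender's one made above: a PTR name is only worth logging or using in an ACL once it has been confirmed forwards, because whoever controls the reverse zone chooses what it says.

```python
"""Forward-confirmed reverse DNS, modelled on tcp_wrappers' PARANOID wildcard.

Constructed example data below; the hostnames and addresses are placeholders,
not real hosts or records from the thread.
"""
import socket

# Constructed PTR table: address -> name the reverse zone claims (None = no PTR).
PTR_RECORDS = {
    "203.36.158.10": "mail.example.net",           # consistent forward/reverse pair
    "203.36.158.66": "scriptkiddie.example.com",   # PTR chosen by whoever runs the reverse zone
    "203.36.158.77": None,                         # the "legitimately broken" case: no PTR
}

# Constructed A table: name -> addresses the forward zone actually publishes.
A_RECORDS = {
    "mail.example.net": ["203.36.158.10"],
    "scriptkiddie.example.com": ["198.51.100.5"],  # does not point back at .66
}


def table_reverse(ip):
    """Reverse lookup against the constructed table."""
    return PTR_RECORDS.get(ip)


def table_forward(name):
    """Forward lookup against the constructed table (empty list = NXDOMAIN)."""
    return A_RECORDS.get(name, [])


def live_reverse(ip):
    """Reverse lookup via the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward(name):
    """Forward lookup via the system resolver; empty list when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []


def classify_client(ip, reverse=table_reverse, forward=table_forward):
    """Classify a client the way the wrapper does before reading hosts.allow/hosts.deny.

    Returns one of:
      ("ok", name)        PTR name resolves forward to the client address
      ("unknown", None)   no PTR record (matches the UNKNOWN wildcard, not PARANOID)
      ("paranoid", name)  PTR name exists but does not resolve back to this address
    """
    name = reverse(ip)
    if not name:
        return ("unknown", None)
    if ip not in forward(name):
        return ("paranoid", name)
    return ("ok", name)


def is_allowed(ip, paranoid_in_hosts_deny=True, **lookups):
    """Decision for a hosts.deny that contains only 'ALL: PARANOID' (or has it commented out)."""
    cls, _ = classify_client(ip, **lookups)
    return not (paranoid_in_hosts_deny and cls == "paranoid")


def trusted_name(ip, **lookups):
    """Name safe to write to a log or match in an ACL: a forward-confirmed one, else the bare address."""
    cls, name = classify_client(ip, **lookups)
    return name if cls == "ok" else ip


if __name__ == "__main__":
    for addr in PTR_RECORDS:
        print(addr, classify_client(addr), "allowed:", is_allowed(addr), "log as:", trusted_name(addr))
```

To run it against real DNS instead of the constructed tables, pass `reverse=live_reverse, forward=live_forward` to `classify_client`; the decision logic is identical, only the lookups change.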

