Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Fri, Apr 20, 2001 at 01:57:50PM -0400, Andrew Pimlott wrote:
> It remains of course that some other services may log the wrong
> thing. But 1. Adam showed that most services log IP addresses, and
> 2. even if you deny PARANOID, a clever attacker can probably fool
> the other service using DJB's technique.
The fact that "who" and "finger" do not show the correct hostnames in this
case is a compelling argument for keeping the paranoid checks in for now,
BUT, this should be addressed as a shortcoming in these programs, and not
swept under the rug. Both obtain obtain their data from the system utmp/wtmp
files which do contain the IP addresss.
Adam McKenna <email@example.com> <firstname.lastname@example.org>