[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Fri, Apr 20, 2001 at 01:57:50PM -0400, Andrew Pimlott wrote:
> It remains of course that some other services may log the wrong
> thing.  But 1. Adam showed that most services log IP addresses, and
> 2. even if you deny PARANOID, a clever attacker can probably fool
> the other service using DJB's technique.

The fact that "who" and "finger" do not show the correct hostnames in this
case is a compelling argument for keeping the paranoid checks in for now,
BUT, this should be addressed as a shortcoming in these programs, and not
swept under the rug.  Both obtain obtain their data from the system utmp/wtmp 
files which do contain the IP addresss.


Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to: