[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release update

On Wed, Mar 31, 2004 at 09:28:42AM -0800, Adam McKenna wrote:
> On Tue, Mar 30, 2004 at 02:21:51AM +0200, Javier Fernández-Sanguino Peña wrote:
> > Funny. As with Steve's example, we don't enforce any policy regarding tcp. 
> > We used to have a "PARANOID" one, but now we don't even do that. 
> Good.  TCP "paranoid" setting does nothing for security.

I agree here [1]. My proposal to #62145 is not to reinstate that, but to
have tcpd ask people wether they want an "ALL: ALL" in their
/etc/hosts.deny, _that's_ what I call paranoid :-)


[1] Tcp-wrappers' paranoid definition is based on being able to do a 
reverse DNS resolution of the incoming IP address.

Attachment: signature.asc
Description: Digital signature

Reply to: