On Wed, Mar 31, 2004 at 09:28:42AM -0800, Adam McKenna wrote:
> On Tue, Mar 30, 2004 at 02:21:51AM +0200, Javier Fernández-Sanguino Peña wrote:
> > Funny. As with Steve's example, we don't enforce any policy regarding tcp.
> > We used to have a "PARANOID" one, but now we don't even do that.
>
> Good. TCP "paranoid" setting does nothing for security.

I agree here [1]. My proposal to #62145 is not to reinstate that, but to have tcpd ask people whether they want an "ALL: ALL" in their /etc/hosts.deny, _that's_ what I call paranoid :-)

Javi

[1] Tcp-wrappers' paranoid definition is based on being able to do a reverse DNS resolution of the incoming IP address.