Re: Source Address Verification
On Fri, Mar 22, 2002 at 11:44:45AM -0300, kratz wrote:
> For aplications based on TCPD is ease, only enable tcp-paranoid in to
> file /etc/hosts.deny.
Actually this is a simple DNS double lookup (normal / Reverse). This can
prevent DNS Spoofing (most of the time it can also prevent legal use), but
it is not working on the IP-Spoofing level.
Using tcpd to protect based on source ip is risky, using it to protect based
on domain names is foolish.