Re: Source Address Verification

To: debian-firewall@lists.debian.org
Subject: Re: Source Address Verification
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Fri, 22 Mar 2002 20:48:20 +0100
Message-id: <[🔎] 20020322194820.GA2302@lina.inka.de>
In-reply-to: <[🔎] 20020322114445.M78663@vant.com.br>
References: <[🔎] DjUTRC.A.q1B.wDzm8@murphy> <[🔎] 20020322114445.M78663@vant.com.br>

On Fri, Mar 22, 2002 at 11:44:45AM -0300, kratz wrote:
> For aplications based on TCPD is ease, only enable tcp-paranoid in to 
> file /etc/hosts.deny.
> ALL:PARANOD.

Actually this is a simple DNS double lookup (normal / Reverse). This can
prevent DNS Spoofing (most of the time it can also prevent legal use), but
it is not working on the IP-Spoofing level.

Using tcpd to protect based on source ip is risky, using it to protect based
on domain names is foolish.

Greetings
Bernd

Reply to:

References:
- Source Address Verification
  - From: Christian Bailleul <christian.bailleul@siemens.atea.be>
- Re: Source Address Verification
  - From: "kratz" <kratz@vant.com.br>

Prev by Date: Re: Source Address Verification
Next by Date: Running Bind behind a Firewall
Previous by thread: Re: Source Address Verification
Next by thread: Re: Source Address Verification
Index(es):
- Date
- Thread