[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Source Address Verification

On Fri, Mar 22, 2002 at 11:44:45AM -0300, kratz wrote:
> For aplications based on TCPD is ease, only enable tcp-paranoid in to 
> file /etc/hosts.deny.

Actually this is a simple DNS double lookup (normal / Reverse). This can
prevent DNS Spoofing (most of the time it can also prevent legal use), but
it is not working on the IP-Spoofing level.

Using tcpd to protect based on source ip is risky, using it to protect based
on domain names is foolish.


Reply to: