Re: xinetd /etc/host.deny ALL:PARANOID

[Sam Varghese <sam@gnubies.com>]

On Fri, Jan 11, 2002 at 12:11:13AM +0100, martin f krafft wrote:
> > If a host does not match its IP, your system SHOULD deny it access.
> 
> i actually disagree. (a) these days, many run their own DNS even though
> the IP belongs to someone else and is only leased to a "home user". (b)
> you wouldn't believe how many DNS admins don't grasp reverse resolution,
> how many have misconfigured it (or not configured it at all), and how
> many times it just simply fails because of that reason even though it's
> a legit request.

i can only speak from my limited experience. i have found these measures
to work, therefore i practice them. of course, one would agree to
disagree. 

Sam
-- 
(Sam Varghese)
http://www.gnubies.com
Software industry: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems.