also sprach Chris Wagner <wagnerc@plebeian.com> [2002.01.11.0205 +0100]:
> Well, the rationale behind this is as you touched on, preventing
> spoofed address attacks. A paranoid lookup essentially verifies that
> the connecting system is a known legit host. In effect you're using
> your DNS system as another level of authentication. Say somebody
> wants to covertly log on or attack your system, so they give
> themselves a bogus ip. A paranoid lookup will stop that because
> there's no DNS entry. (I won't get into the mechanisms of these spoof
> type attacks)
a bogus IP won't even make it past OSI layer 4 on debian... rp_filter...
> REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--
>
> 00000100
interesting signature. serious or not?
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"in any hierarchy, each individual rises
to his own level of incompetence,
and then remains there."
-- murphy
Attachment:
pgp74K_pkeI3E.pgp
Description: PGP signature