
Re: xinetd /etc/host.deny ALL:PARANOID



also sprach Chris Wagner <wagnerc@plebeian.com> [2002.01.11.0616 +0100]:
> >okay, why libwrap then?
> 
> Once the network is compromised, it makes no difference what's on the box.
> If done properly, the compromised network is indistinguishable from the
> uncompromised network.  That box is totally on its own. :)

exactly. it's a known fact that if you can spoof well enough to bypass
rp_filter, then you can just as well bypass libwrap. i think that
ALL:PARANOID is a useless setting that might only make things harder if
you have productive connects from an uncontrolled environment.

> >/29, although i've seen /30's. problem is that with that much of a
> >subnet, you are wasting a lot of IPs. the efficiency in terms of IP
> >usage for /30 is 50%!!!
> 
> Come on... there are only 4 ip numbers in a /30!!!  The only
> conceivable use for a /30 is as a point-to-point.  /29 maybe for cable
> modem LANs...

true. one machine, one router. it *is* ridiculous though. /29 exists,
providing 6 ips. i usually get /28

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

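To make the setting under discussion concrete, here is an added example (not code from this thread and not tcp_wrappers' own source) that models the PARANOID match: reverse-resolve the client address, resolve that name forward, and match when the address is not among the results. The lookup tables, hostnames and addresses are constructed, and the resolvers are injected so it runs offline.

```python
"""Model of the tcp_wrappers PARANOID match (added example, assumptions noted).

Modelled rules: a missing PTR yields 'unknown' (no PARANOID match); a PTR
whose forward lookup fails or does not include the original address
yields 'paranoid'. Resolvers are injected so the check runs offline.
"""
from typing import Callable, Dict, List, Optional

# Constructed lookup data: TEST-NET-1 addresses and hypothetical names.
PTR_TABLE: Dict[str, str] = {
    "192.0.2.10": "good.example.net",      # round-trips cleanly
    "192.0.2.20": "bad.example.net",       # forward record points elsewhere
    "192.0.2.30": "dangling.example.net",  # PTR exists, no forward record
}
A_TABLE: Dict[str, List[str]] = {
    "good.example.net": ["192.0.2.10", "192.0.2.11"],
    "bad.example.net": ["192.0.2.99"],
}


def table_reverse(addr: str) -> Optional[str]:
    """Stand-in for a PTR lookup against the constructed table."""
    return PTR_TABLE.get(addr)


def table_forward(name: str) -> List[str]:
    """Stand-in for an A lookup against the constructed table."""
    return A_TABLE.get(name, [])


def client_name(addr: str,
                reverse: Callable[[str], Optional[str]] = table_reverse,
                forward: Callable[[str], List[str]] = table_forward) -> str:
    """Name libwrap would attach to addr: verified hostname, 'unknown'
    when there is no PTR, or 'paranoid' when PTR and forward disagree."""
    name = reverse(addr)
    if name is None:
        return "unknown"
    if addr in forward(name):
        return name
    return "paranoid"


def hosts_deny_all_paranoid(addr: str) -> bool:
    """Outcome of 'ALL: PARANOID' in hosts.deny with an empty hosts.allow:
    True means refused. Only the DNS round-trip on the reported source
    address is consulted; nothing else about the peer is verified."""
    return client_name(addr) == "paranoid"


if __name__ == "__main__":
    for a in list(PTR_TABLE) + ["192.0.2.40"]:
        verdict = "refused" if hosts_deny_all_paranoid(a) else "accepted"
        print(a, client_name(a), verdict)
```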

