
Re: xinetd /etc/host.deny ALL:PARANOID



Well, the rationale behind this is, as you touched on, preventing spoofed
address attacks.  A paranoid lookup essentially verifies that the connecting
system is a known legit host.  In effect you're using your DNS system as
another level of authentication.  Say somebody wants to covertly log on or
attack your system, so they give themselves a bogus IP.  A paranoid lookup
will stop that because there's no DNS entry.  (I won't get into the
mechanisms of these spoof-type attacks.)

Now for connections originating from the internet this is of little help since
there are so many ways to spoof traffic/hack/attack/etc.  Where it can make a
difference is with traffic originating within your own network, because
that is a known entity and paranoid lookups should ALWAYS succeed.  I don't
know all the details of how it passes or fails you given RR DNS but it does
something...


At 01:29 AM 1/11/02 +0100, martin f krafft wrote:
>yes, but *what* exactly does ALL:PARANOID prevent? establishing the
>authenticity of the domain name is surely a good point, but that's for
>finger/who/w and co. only because i don't even want to deal with/know
>about a system administrator that parses logs based on domain names
>rather than IPs...




--
REMEMBER THE WORLD TRADE CENTER         ---=< WTC 911 >=--

00000100
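
The name/address consistency check discussed in this message, sketched as an added example (not part of the original post and not tcp_wrappers' own code): the client address is reverse-resolved to a name, the name is resolved forward, and the address must appear in the returned set, which is also how round-robin (RR) DNS is handled. The DNS tables, host names and the function names `table_resolvers`, `paranoid_check` and `classify` are constructed for illustration.

```python
# Constructed DNS data using documentation address ranges; not real records.
PTR = {
    "192.0.2.10": "www.example.com",      # round-robin member
    "192.0.2.11": "www.example.com",      # round-robin member
    "198.51.100.7": "www.example.com",    # PTR claims a name it does not own
    "192.0.2.50": "orphan.example.com",   # PTR exists, forward lookup fails
}
A = {
    "www.example.com": ["192.0.2.10", "192.0.2.11"],  # round-robin A set
}


def table_resolvers(ptr, a):
    """Build (reverse, forward) lookup functions over in-memory tables."""
    return (lambda ip: ptr.get(ip)), (lambda name: a.get(name.lower(), []))


def paranoid_check(client_ip, reverse, forward):
    """Forward-confirmed reverse DNS.

    Returns (verdict, name):
      "ok"       the PTR name resolves back to a set containing client_ip
      "paranoid" a PTR name exists but the forward lookup does not confirm it
      "unknown"  there is no PTR name at all (nothing to compare)
    """
    name = reverse(client_ip)
    if not name:
        return "unknown", None
    addrs = forward(name)
    # Round-robin DNS: membership in the full address set is what counts,
    # not the order in which the records happen to come back.
    if client_ip in addrs:
        return "ok", name
    return "paranoid", name


def classify(ips, ptr=PTR, a=A):
    """Run the check over several client addresses and return the verdicts."""
    reverse, forward = table_resolvers(ptr, a)
    return {ip: paranoid_check(ip, reverse, forward)[0] for ip in ips}


if __name__ == "__main__":
    sample = ["192.0.2.10", "192.0.2.11", "198.51.100.7",
              "192.0.2.50", "203.0.113.9"]
    for ip, verdict in classify(sample).items():
        print(f"{ip:15} {verdict}")
```

Because the resolvers are passed in as functions, the same check can be pointed at live DNS by supplying wrappers around the system resolver instead of the tables.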


