[lug] "ALL: PARANOID" in /etc/hosts.deny
McIllece, Matthew W
matthew.w.mcillece at lmco.com
Fri Feb 25 12:09:44 MST 2000
Thanks Kevin! I take it then that "ALL: PARANOID" is the absolute most
secure setting for /etc/hosts.deny, no? Is the "ALL: PARANOID" setting
mentioned in print anywhere? All I can find are references to "ALL: ALL".
-----Original Message-----
From: Kevin Fenzi <kevin at scrye.com>
To: blug at blug.boulder.co.us
Subject: Re: [lug] "ALL: PARANOID" in /etc/hosts.deny
Reply-To: lug at lug.boulder.co.us
>>>>> "Matthew" == "McIllece, Matthew W"
<matthew.w.mcillece at lmco.com> writes:
Matthew> I noticed that "ALL: PARANOID" is what you get in
Matthew> /etc/hosts.deny from the default Corel Linux install. Does
Matthew> this provide the same level of security as "ALL: ALL"?
Matthew> If they are equivalent, are there yet other words that also
Matthew> provide the same level of security as "ALL: ALL"?
They are not quite the same...
PARANOID adds an additional check. It will try and resolve any
connection with forward AND reverse DNS. If they don't both resolve
to the same thing it will disallow the connection. This was put in when
DNS spoofing was happening a lot.
kevin
--
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
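
The forward-and-reverse DNS check described in the reply above, sketched as an added example (not code from the thread or from tcp_wrappers). The function names, the three result labels and the sample DNS tables are assumptions made for illustration.

```python
import socket

# Constructed sample data (documentation address ranges, example.com names).
SAMPLE_PTR = {                      # address -> name (reverse DNS)
    "192.0.2.10": "mail.example.com",
    "203.0.113.66": "trusted.example.com",   # PTR is set by whoever owns the address
}
SAMPLE_A = {                        # name -> addresses (forward DNS)
    "mail.example.com": {"192.0.2.10"},
    "trusted.example.com": {"192.0.2.20"},   # the real host lives elsewhere
}

def reverse_lookup(addr):
    """Live PTR lookup: address -> name, or None if there is no name."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Live forward lookup: name -> set of addresses (empty if unresolvable)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(addr, reverse=reverse_lookup, forward=forward_lookup):
    """Return 'match', 'paranoid' or 'unknown' for a client address."""
    name = reverse(addr)
    if not name:
        # No name at all: nothing to compare. hosts_access(5) has a
        # separate UNKNOWN wildcard for this case.
        return "unknown"
    if addr in forward(name):
        return "match"        # forward and reverse agree
    return "paranoid"         # name does not lead back to the address

def sample_classify(addr):
    """Run classify() against the constructed tables instead of live DNS."""
    return classify(addr, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for a in ("192.0.2.10", "203.0.113.66", "198.51.100.7"):
        print(a, sample_classify(a))
```

The second sample address shows why the check exists: its reverse record claims a trusted name, but that name resolves to a different address, so a name-based allow rule would otherwise be fooled.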