[lug] "ALL: PARANOID" in /etc/hosts.deny
Kevin Fenzi
kevin at scrye.com
Tue Jun 4 12:17:20 MDT 2013
>>>>> "Matthew" == "McIllece, Matthew W" <matthew.w.mcillece at lmco.com> writes:
Matthew> I noticed that "ALL: PARANOID" is what you get in
Matthew> /etc/hosts.deny from the default Corel Linux install. Does
Matthew> this provide the same level of security as "ALL: ALL"?
Matthew> If they are equivalent, are there yet other words that also
Matthew> provide the same level of security as "ALL: ALL"?
They are not quite the same...
PARANOID ads an additional check. It will try and resolve any
connection with forward AND reverse DNS. If they don't both resolve to
the same thing it will disallow the connection. This was put in when
DNS spoofing was happening a lot.
kevin
--
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
More information about the LUG
mailing list