also sprach Chris Wagner <[EMAIL PROTECTED]> [2002.01.11.0205 +0100]: > Well, the rationale behind this is as you touched on, preventing > spoofed address attacks. A paranoid lookup essentially verifies that > the connecting system is a known legit host. In effect you're using > your DNS system as another level of authentication. Say somebody > wants to covertly log on or attack your system, so they give > themselves a bogus ip. A paranoid lookup will stop that because > there's no DNS entry. (I won't get into the mechanisms of these spoof > type attacks)
a bogus IP won't even make it past OSI layer 4 on debian... rp_filter... > REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- > > 00000100 interesting signature. serious or not? -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] "in any hierarchy, each individual rises to his own level of incompetence, and then remains there." -- murphy
pgp4AWV4h3kmq.pgp
Description: PGP signature
