How secure is "hosts allow"? I have "hosts allow = bkup" in my rsyncd.conf. Then in /etc/hosts I have:
64.29.16.235 bkup This makes only 64.29.16.235 able to connect to rsync. Could someone spoof their hostname somehow to trick rsync into letting them in, though? e.g. If they reverse DNS says that they're called "bkup".
