Home page logo
/

nanog logo nanog mailing list archives

RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: Roeland Meyer <rmeyer () mhsc com>
Date: Sun, 13 May 2001 18:04:12 -0700


From: Frank Rizzo [mailto:rizzo () drunkagain org]
Sent: Sunday, May 13, 2001 3:09 PM

On Sun, May 13, 2001 at 02:20:28PM -0700, Roeland Meyer wrote:

I've had similar problem at SpeakEasy. They still don't 
have a reverse-DNS clue.

http://www.mhsc.com/recovery.htm

None of the DSL ISPs can do larger than /27 anymore, even 
when they're
ILECs. Anything less than a /24 can't be SWIP'd and if you 
don't control
your in-addr.arpa entries you don't control your domain and have no
security.

wow, relying on dns for security is pretty freaking ignorant, 
and so are you appearantly. that's okay, i'll shut up now because i'll be 
busy playing with my reverse dns to get your hosts to trust me!

Gee, I wish you knew what you were talking about. Basic security starts with
reverse, see tcp_wrappers, SSH, Oracle (try and build a DB without reverse
working right. Net8 stops you dead in your tracks). Half of my ACLs don't
work right because reverse isn't correct.

ps - 32/27.0.168.192.in-addr.arpa., learn it, love it, live it.

Thu May 10 22:59:09 [root:2]#> ps - 32/27.0.168.192.in-addr.arpa.
ERROR: Garbage option.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]