Home page logo
/

nanog logo nanog mailing list archives

Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: Adam McKenna <adam () flounder net>
Date: Sun, 13 May 2001 22:06:15 -0700


On Sun, May 13, 2001 at 06:04:12PM -0700, Roeland Meyer wrote:
Gee, I wish you knew what you were talking about. Basic security starts with
reverse, see tcp_wrappers

tcp_wrappers is joke security.  Anyone using TCP wrappers and hostname-based
rules is braindead.

SSH

SSH does not require reverse DNS to operate properly.

Oracle (try and build a DB without reverse working right. Net8 stops you
dead in your tracks).

Sorry, but this is just 100% wrong.  I've set up Oracle on many boxes and you
don't need any DNS at all to set up an oracle DB.  In fact, I tell our DBA's
to use IP addresses in their TNSNAMES.ORA files because I don't want the DB
depending on DNS.

Half of my ACLs don't work right because reverse isn't correct.

Too bad for you.  Maybe you should get better ACL's.

ps - 32/27.0.168.192.in-addr.arpa., learn it, love it, live it.

Thu May 10 22:59:09 [root:2]#> ps - 32/27.0.168.192.in-addr.arpa.
ERROR: Garbage option.

Heh.

--Adam


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]