Home page logo
/

nanog logo nanog mailing list archives

Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: Adam McKenna <adam () flounder net>
Date: Mon, 14 May 2001 23:18:09 -0700


On Mon, May 14, 2001 at 05:27:09PM -0400, Christopher A. Woodfield wrote:

I didn't intend to imply that matching forward/reverse DNS was a security 
measure I'd trust by itself, but it certainly doesn't hurt to implement as 
a "outer perimeter" measure in conjunction with IP-based rules and 
secure authentication...

It does hurt.  It causes non-obvious problems.  Forcing hostnames and PTR's
to match (commonly referred to as PARANOID checking) does not provide extra
security, it just prevents people with badly configured DNS from accessing
your servers.

--Adam


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]