Open Source and information security mailing list archives
 
Message-ID: <9D018FFD79A2316AC02DE86C@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Reverse dns 

--On Thursday, March 10, 2005 12:11:54 PM -0500 Valdis.Kletnieks@...edu 
wrote:

> On Thu, 10 Mar 2005 09:57:57 CST, Paul Schmehl said:
>
>> I've been looking through the RFCs and I can't find it.  Some folks
>> think  reverse dns should be completely disabled.  I know for sure that
>> this will  break email, because many mail servers won't talk to a server
>> that doesn't  reverse.  Tcpdump also doesn't like hosts that won't
>> reverse.
>
> "tcpdump -n" is your friend. :)
>
{{sheesh}} I *meant* tcpwrappers.  You're the second guy that's pointed out 
that switch for tcpdump, and I was sitting here, scratching my head, 
wondering why in the h you were bringing it up.  I see now it's because the 
wires between my brain and the keyboard were crossed.

Now that we've resolved that, here are my arguments, based on the helpful 
input from the list:

1) Reversing internet-facing hosts is required by RFC 1912.

2) Ignoring an RFC should only be done for an extremely compelling reason.

3) Rather than hiding hostnames (which is a trivial security gain anyway) 
we should *move* hosts to private space unless their owners can provide a 
compelling reason for needing an internet-resolvable address.

Do I win?  I think so. :-)

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
