Date: Fri, 23 Dec 2005 21:19:58 -0200 From: JoaoBR <joao@matik.com.br> To: freebsd-stable@freebsd.org Subject: Re: SSH login takes very long time...sometimes Message-ID: <200512232119.58748.joao@matik.com.br> In-Reply-To: <65dcde740512231426u199dea1aob6c54b89056c7a82@mail.gmail.com> References: <43ABF6E4.2090908@ll.mit.edu> <44irtf3mxr.fsf@be-well.ilk.org> <65dcde740512231426u199dea1aob6c54b89056c7a82@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 23 December 2005 20:26, James Tanis wrote: > What reason is that? A reverse-lookup is no longer really a valid way > of filtering out the undesireable unless your lucky enough to be > dealing only with those who have the knowledge and ability to control > those entries. Most residential ips either have no reverse-lookup or I guess you are wrong you can fake your IP and you can fake your hostname, but exactly for securi= ty=20 reasons, since we believe that beeing a a network admin is not because of=20 luck but knowledge, and we also believe that this person has a certain=20 responsibility and so he will probably not set up false dns reverse data. so when I check your IP and hostname you send me and when this do not match= =20 the reverse info I get I can suppose you do not have good intentions or you= =20 do not have the knowledge to set your network up. Both cases may not be=20 welcome on my network and you get kicked out. Like you see here the decisio= n=20 is the owner's one who can or not enter his home. so reverse dns is a absolute valid check - what never was so important as=20 today since each newborn already knows how to fake IP's and when your residential Ip provider do not has a correct reverse DNS get= =20 yourself a more serious one anyway, you are mixing things up since you do not need a valid reverse dns = to=20 configure your sshd, the server admin can disable this lookup or use the=20 local host file - or you may like the "clever way" and forget to set or=20 delete your resolv.conf=20 Jo=E3o A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512232119.58748.joao>