From owner-freebsd-net Mon Jul 24 10: 0:50 2000 Delivered-To: freebsd-net@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 620CE37B830 for ; Mon, 24 Jul 2000 10:00:45 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id NAA45742; Mon, 24 Jul 2000 13:00:09 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Mon, 24 Jul 2000 13:00:09 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Wes Peters Cc: "Roberto Nunnari, AGIE" , Nick Rogness , net@FreeBSD.ORG Subject: Re: gateway strange behaviour for telnet and ftp In-Reply-To: <397C5E86.6B0A0B72@softweyr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 24 Jul 2000, Wes Peters wrote: > Because the server daemones for each of those do the reverse lookup, for > logging and/or authentication purposes. Ping never gets out of the IP > stack; one of the reasons it is preferred for testing connectivity is the > minimal load it imposes on the target being pinged. This has gotten worse recently (well, relatively recently) with inclusion of TCP wrappers in standard binaries, including inetd, et al. Introducing DNS lookups is actually fairly irritating, especially given that most of the checks there are somewhat bogus, as easily spoofed :-). I don't believe our default wrapper rules should require DNS lookups; it would be nice if they didn't do them. Would also be nice if we logged IPs as well as hostnames in wtmp all of the time. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message