From owner-freebsd-current Mon Apr 12 13:28:49 1999
Delivered-To: freebsd-current@freebsd.org
Received: from pau-amma.whistle.com (s205m64.whistle.com [207.76.205.64])
	by hub.freebsd.org (Postfix) with ESMTP id B06F615226
	for ; Mon, 12 Apr 1999 13:28:39 -0700 (PDT)
	(envelope-from dhw@whistle.com)
Received: (from dhw@localhost)
	by pau-amma.whistle.com (8.9.2/8.9.2) id NAA97599
	for freebsd-current@freebsd.org; Mon, 12 Apr 1999 13:26:20 -0700 (PDT)
Date: Mon, 12 Apr 1999 13:26:20 -0700 (PDT)
From: David Wolfskill
Message-Id: <199904122026.NAA97599@pau-amma.whistle.com>
To: freebsd-current@freebsd.org
Subject: Re: showing full host names in output from who/finger/last
In-Reply-To:
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>Date: Sun, 11 Apr 1999 19:05:30 -0400 (EDT)
>From: Robert Watson

>I'd actually like to see wtmp only use IP addresses, never hostnames.

I would prefer to have that be an installation-selectable option, at least.

>Spoofed names are fairly easy to arrange; with IP filtering on border
>routers, spoofed IPs are harder. Besides which, connections are from IPs
>and not names. :-) This of course sticks you with the task of DNS
>lookups when viewing wtmp, when you may already have done them at login
>time. Probably ideally, we'd have two variable length fields, one for a
>network-supplied source, and one for a transformed source such as name,
>display name (....:0), etc. But that requires modifying the record
>format, which is always a pain.

In my case, it's more because I expect the association of hostname <-> IP address to be rather transient compared to the interval during which the information might be useful: although it may be of interest to know what the hostname was at the time of the original event, it's more likely to be useful for me to know the IP address at the time. And merely because I know one of those *now* doesn't mean that I necessarily know what the other was *then*.

(And yes, this is more of a concern when investigating such things as dropped (but logged) ICMP redirects targeted at some of our perimeter hosts, for example. I'm rather less concerned within our internal nets.)

Cheers,
david
-- 
David Wolfskill		UNIX System Administrator
dhw@whistle.com		voice: (650) 577-7158	pager: (650) 371-4621

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
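The two-field record suggested in the quoted message (a network-supplied source plus the name as it was known at login time), sketched as an added example that is not part of the original e-mail and not FreeBSD's wtmp code. The layout, `REC_HDR`, `rec_encode` and `rec_decode` are hypothetical names chosen for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical layout, not FreeBSD's struct utmp:
 * time[8] | family tag[1] | addr_len[1] | name_len[2] | addr | name */
#define REC_HDR 12

/* Encode one record; returns bytes written, or 0 if it does not fit. */
size_t rec_encode(uint8_t *out, size_t cap, uint64_t when, int family,
                  const void *addr, const char *name)
{
    size_t alen = family == AF_INET ? 4 : family == AF_INET6 ? 16 : 0;
    size_t nlen = name ? strlen(name) : 0;
    if (alen == 0 || nlen > 0xffff || cap < REC_HDR + alen + nlen)
        return 0;
    for (int i = 0; i < 8; i++)               /* big-endian timestamp */
        out[i] = (uint8_t)(when >> (56 - 8 * i));
    out[8] = family == AF_INET ? 4 : 6;       /* portable tag, not AF_* */
    out[9] = (uint8_t)alen;
    out[10] = (uint8_t)(nlen >> 8);
    out[11] = (uint8_t)nlen;
    memcpy(out + REC_HDR, addr, alen);        /* network-supplied source */
    if (nlen)                                 /* name as resolved at login */
        memcpy(out + REC_HDR + alen, name, nlen);
    return REC_HDR + alen + nlen;
}

/* Decode; returns record length, or 0 if truncated or malformed. */
size_t rec_decode(const uint8_t *in, size_t len, char *addr_txt,
                  size_t addr_cap, char *name, size_t name_cap)
{
    if (len < REC_HDR)
        return 0;
    int family = in[8] == 4 ? AF_INET : in[8] == 6 ? AF_INET6 : -1;
    size_t alen = in[9], nlen = ((size_t)in[10] << 8) | in[11];
    if (family < 0 || alen != (family == AF_INET ? 4u : 16u) ||
        len < REC_HDR + alen + nlen || nlen >= name_cap)
        return 0;
    if (!inet_ntop(family, in + REC_HDR, addr_txt, (socklen_t)addr_cap))
        return 0;
    memcpy(name, in + REC_HDR + alen, nlen);
    name[nlen] = '\0';
    return REC_HDR + alen + nlen;
}
```

Because the address is stored as raw bytes and the name as the string seen at login, a later reader gets both values as they were then, without a fresh DNS lookup.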