From owner-freebsd-net  Mon Jul 24 10:27:38 2000
Delivered-To: freebsd-net@freebsd.org
Received: from peace.mahoroba.org (peace.calm.imasy.or.jp [202.227.26.34])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3CC3D37BC37; Mon, 24 Jul 2000 10:27:32 -0700 (PDT)
	(envelope-from ume@mahoroba.org)
Received: from localhost (IDENT:FDu0hvEP+Z2ufymPsd7v1H7bKpVhd1yWxhiv7bRWdo6KHWPfnr0afCgkN4kB9sO/@localhost [::1])
	(authenticated)
	by peace.mahoroba.org (8.10.2/3.7W-peace) with ESMTP id e6OHRQh67053;
	Tue, 25 Jul 2000 02:27:26 +0900 (JST)
	(envelope-from ume@mahoroba.org)
Date: Tue, 25 Jul 2000 02:27:23 +0900 (JST)
Message-Id: <20000725.022723.115966623.ume@mahoroba.org>
To: rwatson@FreeBSD.ORG
Cc: wes@softweyr.com, roberto.Nunnari@agie.ch, nick@rapidnet.com,
	net@FreeBSD.ORG
Cc: ume@mahoroba.org
Subject: Re: gateway strange behaviour for telnet and ftp
From: Hajimu UMEMOTO <ume@mahoroba.org>
In-Reply-To: <Pine.NEB.3.96L.1000724125838.41604H-100000@fledge.watson.org>
References: <397C5E86.6B0A0B72@softweyr.com>
	<Pine.NEB.3.96L.1000724125838.41604H-100000@fledge.watson.org>
X-Mailer: xcite1.20> Mew version 1.95b38 on Emacs 20.6 / Mule 4.0
 =?iso-2022-jp?B?KBskQjJWMWMbKEIp?=
X-PGP-Public-Key: http://www.imasy.org/~ume/publickey.asc
X-PGP-Fingerprint: 6B 0C 53 FC 5D D0 37 91  05 D0 B3 EF 36 9B 6A BC
X-URL: http://www.imasy.org/~ume/
X-OS: FreeBSD 5.0-CURRENT
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> On Mon, 24 Jul 2000 13:00:09 -0400 (EDT)
>>>>> Robert Watson <rwatson@FreeBSD.ORG> said:

rwatson> This has gotten worse recently (well, relatively recently) with inclusion
rwatson> of TCP wrappers in standard binaries, including inetd, et al.  Introducing
rwatson> DNS lookups is actually fairly irritating, especially given that most of
rwatson> the checks there are somewhat bogus, as easily spoofed :-).  I don't
rwatson> believe our default wrapper rules should require DNS lookups; it would be
rwatson> nice if they didn't do them.

No.  Default rule of libwrap allows any connections.  I believe this
doesn't do reverse lookup.
It is done by realhostname{,_sa}(3) during login process.

rwatson> Would also be nice if we logged IPs as well as hostnames in wtmp all of
rwatson> the time.

If you intend to obtain hostname, you need reverse lookup. ;-)

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@FreeBSD.org
http://www.imasy.org/~ume/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message