Date: Mon, 24 Jul 2000 13:00:09 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: Wes Peters <wes@softweyr.com> Cc: "Roberto Nunnari, AGIE" <roberto.Nunnari@agie.ch>, Nick Rogness <nick@rapidnet.com>, net@FreeBSD.ORG Subject: Re: gateway strange behaviour for telnet and ftp Message-ID: <Pine.NEB.3.96L.1000724125838.41604H-100000@fledge.watson.org> In-Reply-To: <397C5E86.6B0A0B72@softweyr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Jul 2000, Wes Peters wrote: > Because the server daemones for each of those do the reverse lookup, for > logging and/or authentication purposes. Ping never gets out of the IP > stack; one of the reasons it is preferred for testing connectivity is the > minimal load it imposes on the target being pinged. This has gotten worse recently (well, relatively recently) with inclusion of TCP wrappers in standard binaries, including inetd, et al. Introducing DNS lookups is actually fairly irritating, especially given that most of the checks there are somewhat bogus, as easily spoofed :-). I don't believe our default wrapper rules should require DNS lookups; it would be nice if they didn't do them. Would also be nice if we logged IPs as well as hostnames in wtmp all of the time. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000724125838.41604H-100000>