To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
Roeland Meyer
rmeyer at mhsc.com
Mon May 14 01:04:12 UTC 2001
> From: Frank Rizzo [mailto:rizzo at drunkagain.org]
> Sent: Sunday, May 13, 2001 3:09 PM
>
> On Sun, May 13, 2001 at 02:20:28PM -0700, Roeland Meyer wrote:
> >
> > I've had similar problem at SpeakEasy. They still don't
> have a reverse-DNS clue.
> >
> > http://www.mhsc.com/recovery.htm
> >
> > None of the DSL ISPs can do larger than /27 anymore, even
> when they're
> > ILECs. Anything less than a /24 can't be SWIP'd and if you
> don't control
> > your in-addr.arpa entries you don't control your domain and have no
> > security.
>
> wow, relying on dns for security is pretty freaking ignorant,
> and so are you appearantly. that's okay, i'll shut up now because i'll be
> busy playing with my reverse dns to get your hosts to trust me!
Gee, I wish you knew what you were talking about. Basic security starts with
reverse, see tcp_wrappers, SSH, Oracle (try and build a DB without reverse
working right. Net8 stops you dead in your tracks). Half of my ACLs don't
work right because reverse isn't correct.
> ps - 32/27.0.168.192.in-addr.arpa., learn it, love it, live it.
Thu May 10 22:59:09 [root:2]#> ps - 32/27.0.168.192.in-addr.arpa.
ERROR: Garbage option.
More information about the NANOG
mailing list