Once upon a time, Steve Grubb <sgrubb@xxxxxxxxxx> said:
> The day when no one tries IP address spoofing and source routing is the day we
> can stop shipping this "crap". Until then I thank it for every denial I see
> in my logs.

Those would be good reasons, if tcpd protected you against those things.

The Linux IPv4 stack has an option "accept_source_route" that is off by
default, so that protects you there (as do most decent ISPs that disable
source routing).

TCP_wrappers does nothing to protect against IP spoofing. Secure sequence
numbers should protect TCP, and proper network design and filtering is the
only thing that can protect UDP against spoofing.

TCP_wrappers was good before we had host-based firewalls, but is really
obsolete at this point, except for trying to do access control based on DNS
(which, for the most part, is a bad idea, as seen in this thread).

-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
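
An added example, not part of the original message: a shell check for the "accept_source_route" setting mentioned above, listing the interfaces on which the kernel would accept IPv4 source-routed packets. The function name srr_enabled_ifaces and its optional CONF_DIR argument are assumptions of this example; the AND rule between conf/all and the per-interface value follows the kernel's ip-sysctl documentation.

```sh
#!/bin/sh
# Added example: audit the IPv4 accept_source_route setting per interface.
#
# Per the kernel's ip-sysctl documentation, a packet carrying a source-route
# (SRR) option is accepted on an interface only when BOTH
#   conf/all/accept_source_route  and  conf/<iface>/accept_source_route
# are 1. Reading only one of the two values gives the wrong answer.

# srr_enabled_ifaces [CONF_DIR]
#   Prints one interface name per line where source routing is effectively
#   accepted. CONF_DIR (hypothetical parameter) defaults to the live sysctl
#   tree; pointing it at another directory lets the same check run against a
#   copy collected from another host or a constructed fixture.
#   Returns 2 if the global setting cannot be read, 0 otherwise.
srr_enabled_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all_file=$conf_dir/all/accept_source_route

    [ -r "$all_file" ] || { echo "cannot read $all_file" >&2; return 2; }

    # Global switch off: no interface accepts source-routed packets,
    # whatever the per-interface values say.
    [ "$(cat "$all_file")" = "1" ] || return 0

    for f in "$conf_dir"/*/accept_source_route; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" is the global switch and "default" is only a template for
        # interfaces created later; neither is a real interface.
        case $iface in all|default) continue ;; esac
        [ "$(cat "$f")" = "1" ] && echo "$iface"
    done
    return 0
}
```

Run srr_enabled_ifaces with no argument on a live host; empty output means no interface accepts source-routed packets.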