Re: NFS tcp wrapper situation

Chris Adams wrote:
Once upon a time, Steve Grubb <sgrubb@xxxxxxxxxx> said:
The day when no one tries IP address spoofing and source routing is the day we can stop shipping this "crap". Until then I thank it for every denial I see in my logs.

Those would be good reasons, if tcpd protected you against those things.

The Linux IPv4 stack has an option "accept_source_route" that is off by
default, so that protects you there (as do most decent ISPs that disable
source routing).

TCP_wrappers does nothing to protect against IP spoofing.  Secure
sequence numbers should protect TCP, and proper network design and
filtering is the only thing that can protect UDP against spoofing.

TCP_wrappers was good before we had host-based firewalls, but is really
obsolete at this point, except for trying to do access control based on
DNS (which, for the most part, is a bad idea, as seen in this thread).

Sounds like it is something that we might want to try to deprecate and eventually remove.

ric

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
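
Added example, not part of the original messages: a shell check for the "accept_source_route" option mentioned in the quoted message. The kernel accepts IPv4 source-routed packets on an interface only when both conf/all and conf/<interface> are set to 1, so the check combines the two; the function names and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# List interfaces on which IPv4 source-routed packets would be accepted.
# The effective setting is conf/all AND conf/<iface>, so a per-interface
# value of 1 only matters when conf/all is also 1.
#
# $1: directory holding the per-interface settings (hypothetical
#     parameter; defaults to the live kernel tree).
source_route_enabled_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all_file="$conf_dir/all/accept_source_route"
    if [ ! -r "$all_file" ]; then
        echo "cannot read $all_file" >&2
        return 2
    fi
    # conf/all = 0 disables source routing on every interface.
    if [ "$(cat "$all_file")" != "1" ]; then
        return 0
    fi
    for f in "$conf_dir"/*/accept_source_route; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not real interfaces.
        case $iface in
            all|default) continue ;;
        esac
        if [ "$(cat "$f")" = "1" ]; then
            echo "$iface"
        fi
    done
    return 0
}

# Build a constructed settings tree (sample data, not taken from a real
# host) under directory $1, with conf/all set to $2.
build_constructed_tree() {
    for pair in "all:$2" default:1 eth0:1 lo:0; do
        mkdir -p "$1/${pair%%:*}"
        echo "${pair##*:}" > "$1/${pair%%:*}/accept_source_route"
    done
}
```

Calling source_route_enabled_ifaces with no argument reads the running kernel's settings; empty output means no interface accepts source-routed packets.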
