This deserves further analysis:
On Tue, 22 Feb 2005, Pekka Savola wrote:
> But yet, it _is_ a form of security.
>
> For example, lots of people have tcp wrappers configuration in their
> SSHD, requiring that connection attempts come from host.example.com,
> .example.net or whatever (forward+reverse check). This is especially
> useful when the server is at example.net, but has a couple of pinholes
> to the world.
>
> In addition to that, there is a public key security or password
> authentication.

The illogic of this can't be ignored.

If public key or password authentication are "in addition" to some
security, then we can consider what security is left without 'public key
or password'. So let's do that: Well, this is exactly the bsd r-command
EXPLOIT. No security remains.

In-addr checks are not security: They are not "a form of", not "a little
bit"; but none at all. They are worse than none at all even: it is an
EXPLOIT, a vulnerability, a weakness.

Absolutely, one should never, ever depend on or use in-addr as security in
their tcp-wrappers or system security configuration. That includes
logging. Putting it in logs is not necessarily harmful, but relying on
it is harmful. Too frequently, zealots don't grasp the difference.

If one changed all non-convenience (i.e. traceroute) use of in-addr from a
question of "what is the name of this host?" to "should I record possible
evidence of a poisoned cache?", one might get better usage patterns from
applications.

--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
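
Added example, not part of the original message or of any project's code: the reframing in the message's last paragraph, where an in-addr lookup produces a log annotation and never an allow/deny answer. The function names, the lookup stand-ins and the sample tables are constructed assumptions so the code runs offline.

```python
import ipaddress
import re

# Constructed sample data: documentation address ranges and example domains.
PTR_TABLE = {
    "192.0.2.10": "host.example.com.",
    "198.51.100.7": "host.example.com.",     # PTR claims a name it does not own
    "192.0.2.99": "bad\nname.example.net.",  # hostile bytes in PTR data
}
A_TABLE = {"host.example.com": ["192.0.2.10"]}

def sample_reverse(ip):
    """Stand-in for a PTR query (socket.gethostbyaddr in a live system)."""
    return PTR_TABLE.get(ip)

def sample_forward(name):
    """Stand-in for an A/AAAA query (socket.getaddrinfo in a live system)."""
    return A_TABLE.get(name, [])

def ptr_observation(peer_ip, reverse_lookup=sample_reverse, forward_lookup=sample_forward):
    """Describe what in-addr says about peer_ip. Never returns allow/deny."""
    ip = ipaddress.ip_address(peer_ip)
    raw = reverse_lookup(str(ip))
    if raw is None:
        return {"ip": str(ip), "ptr": "-", "status": "no-ptr"}
    name = raw.rstrip(".").lower()
    safe = re.sub(r"[^a-z0-9._-]", "?", name)  # PTR content is remote-controlled
    if safe != name:
        return {"ip": str(ip), "ptr": safe, "status": "malformed-ptr"}
    forward = {ipaddress.ip_address(a) for a in forward_lookup(name)}
    status = "consistent" if ip in forward else "mismatch"
    return {"ip": str(ip), "ptr": safe, "status": status}

def log_line(obs):
    """Key the record on the address; the name is an unverified annotation."""
    line = f"peer={obs['ip']} ptr={obs['ptr']} ptr_status={obs['status']}"
    if obs["status"] in ("mismatch", "malformed-ptr"):
        line += " note=possible-cache-poisoning-evidence"
    return line

if __name__ == "__main__":
    for peer in ("192.0.2.10", "198.51.100.7", "192.0.2.99", "203.0.113.5"):
        print(log_line(ptr_observation(peer)))
```

A "consistent" status only means the forward and reverse data agreed at lookup time; authentication still has to come from the public key or password step.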