>Date: Sun, 11 Apr 1999 19:05:30 -0400 (EDT)
>From: Robert Watson <rob...@cyrus.watson.org>

>I'd actually like to see wtmp only use IP addresses, never hostnames. 

I would prefer to have that be an installation-selectable option, at

>Spoofed names are fairly easy to arrange; with IP filtering on border
>routers, spoofed IPs are harder.  Besides which, connections are from IPs
>and not names.  :-)  This of course sticks you with the task of DNS
>lookups when viewing wtmp, when you may already have done them at login
>time.  Probably ideally, we'd have two variable length fields, one for a
>network-supplied source, and one for a transformed source such as name,
>display name (....:0), etc.  But that requires modifying the record
>format, which is always a pain.

In my case, it's more because I expect the association of hostname <-> IP
address to be rather transient compared to the interval during which the
information might be useful:  although it may be of interest to know what
the hostname was at the time of the original event, it's more likely to
be useful for me to know the IP address at the time.  And merely because
I know one of those *now* doesn't mean that I necessarily know what the
other was *then*.

(And yes, this is more of a concern when investigating such things as
dropped (but logged) ICMP redirects targeted at some of our perimeter
hosts, for example.  I'm rather less concerned within our internal nets.)

David Wolfskill         UNIX System Administrator
d...@whistle.com                voice: (650) 577-7158   pager: (650) 371-4621
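The two-field record suggested in the quoted message, as an added example (not from this thread, and not FreeBSD's actual wtmp format): it stores both the network-supplied address and the name as resolved at login time, so neither has to be re-derived later. The layout, struct and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record layout (an assumption, not the utmp/wtmp format):
 *   4 bytes  login time, big-endian seconds
 *   1 byte   length N of the network-supplied source (IP address text)
 *   1 byte   length M of the transformed source (hostname, display name)
 *   N bytes  network-supplied source, then M bytes transformed source */
#define SRC_MAX 255
#define SRC_HDR 6

struct login_src {
    uint32_t when;
    char net[SRC_MAX + 1];   /* address the connection came from */
    char shown[SRC_MAX + 1]; /* name resolved at login time; may be empty */
};

/* Encode r into buf; returns bytes written, or 0 if it does not fit. */
size_t src_encode(const struct login_src *r, uint8_t *buf, size_t cap)
{
    size_t n = strlen(r->net), m = strlen(r->shown);
    if (n > SRC_MAX || m > SRC_MAX || cap < SRC_HDR + n + m)
        return 0;
    buf[0] = (uint8_t)(r->when >> 24);
    buf[1] = (uint8_t)(r->when >> 16);
    buf[2] = (uint8_t)(r->when >> 8);
    buf[3] = (uint8_t)r->when;
    buf[4] = (uint8_t)n;
    buf[5] = (uint8_t)m;
    memcpy(buf + SRC_HDR, r->net, n);
    memcpy(buf + SRC_HDR + n, r->shown, m);
    return SRC_HDR + n + m;
}

/* Decode one record; returns bytes consumed, or 0 if it is truncated. */
size_t src_decode(const uint8_t *buf, size_t len, struct login_src *r)
{
    if (len < SRC_HDR)
        return 0;
    size_t n = buf[4], m = buf[5];
    if (len - SRC_HDR < n + m)   /* lengths must stay inside the buffer */
        return 0;
    r->when = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
              (uint32_t)buf[2] << 8 | (uint32_t)buf[3];
    memcpy(r->net, buf + SRC_HDR, n);
    r->net[n] = '\0';
    memcpy(r->shown, buf + SRC_HDR + n, m);
    r->shown[m] = '\0';
    return SRC_HDR + n + m;
}
```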
