{{sheesh}} I *meant* tcpwrappers. You're the second guy that's pointed out that switch for tcpdump, and I was sitting here, scratching my head, wondering why in the h you were bringing it up. I see now it's because the wires between my brain and the keyboard were crossed.On Thu, 10 Mar 2005 09:57:57 CST, Paul Schmehl said:
I've been looking through the RFCs and I can't find it. Some folks think reverse dns should be completely disabled. I know for sure that this will break email, because many mail servers won't talk to a server that doesn't reverse. Tcpdump also doesn't like hosts that won't reverse.
"tcpdump -n" is your friend. :)
Now that we've resolved that, here's my arguments, based on the helpful input from the list:
1) reversing internet facing hosts is required by RFC 1912.
2) Ignoring an RFC should only be done for an extremely compelling reason.
3) Rather than hiding hostnames (which is a trivial security gain anyway) we should *move* hosts to private space unless their owners can provide a compelling reason for needing an internet-resolveable address.
Do I win? I think so. :-)
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
