Subject: Re: ipv6 ftp.netbsd.org
To: email@example.com, Wolfgang Rupprecht <firstname.lastname@example.org>
From: Henry B. Hotz <email@example.com>
Date: 04/07/2002 23:12:54
At 12:57 PM +0900 4/8/02, firstname.lastname@example.org wrote:
> In my opinion it is unwise to use the existence of reverse lookup
> mapping as (sort of) authenticity. i don't understand why many of the
> ftp servers do configured this way.
It's the PARANOID option of TCP_WRAPPERS (which NetBSD makes the
default behavior). The purpose is to try to weed out spoofed DNS
responses, and some fake IP source addresses. Just makes it a tiny
bit harder for the bad guys.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or email@example.com