-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Hannes" == Hannes Gredler <hannes@juniper.net> writes:
    Hannes> correct, michael requires you to have a valid PTR entry ...
    Hannes> assume at your employer there must be some workstation with
    Hannes> a valid PTR entry ;-)

  Here is the problem.

  a) someone/something connects to anon-cvs, disconnects the socket
     (so I don't see anything in netstat), and then seems to leave	
     a dozen cvs-pserver's R-unning, consuming 99% CPU.

  b) I then set up hosts.allow to permit only people who wanted to 
     connect to do so.

     However, cvs.tcpdump.org is an alias on the machine, not its
     primary IP, and this seems to upset NetBSD (1.6)
     hosts.allow/libwrap/inetd. 

     {It is libwrap that wants a valid forward/reverse PTR}

     I haven't had time to debug through this and determine if this
     is a real problem, or what.

     I guess, if you do anon-cvs to lox.sandelman.ca, it may work.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



	

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQSTAuIqHRg3pndX9AQHE6AP+J5wFBSehwOM7bpF9/YkNV8216Iuklc5F
RafiXCef7oqUWtilegeJVJxvjbhS8BABu+do11D+LCwUaSlgSjapHnsi+IqSrwGZ
TmDui9DZOCAkX30sMtAXJu72lqhKwGsLwyv7lPjk6Gt3NbAJB3fjL6A4mj7zzMOg
B5bfZOe1R6M=
=N/Lb
-----END PGP SIGNATURE-----