1995-10-25 - Re: Does your software?

Header Data

From: Aleph One <aleph1@dfw.net>
To: Adam Shostack <adam@homeport.org>
Message Hash: 4e2231eced9b4fd87893d917e89270ea3d3c3dcb9ff6c066eac0c35934afb4ae
Message ID: <Pine.SUN.3.90.951025105835.29240A-100000@dfw.net>
Reply To: <199510251358.JAA24328@homeport.org>
UTC Datetime: 1995-10-25 16:05:14 UTC
Raw Date: Wed, 25 Oct 95 09:05:14 PDT

Raw message

From: Aleph One <aleph1@dfw.net>
Date: Wed, 25 Oct 95 09:05:14 PDT
To: Adam Shostack <adam@homeport.org>
Subject: Re: Does your software?
In-Reply-To: <199510251358.JAA24328@homeport.org>
Message-ID: <Pine.SUN.3.90.951025105835.29240A-100000@dfw.net>
MIME-Version: 1.0
Content-Type: text/plain


I must disagre here and side with *gasp* FC.
If your so called *secure* server happens to get broken into by grace of 
god, you want to know at least where the attack came from. If Netscape
wants to hide internet hostnames they would to well setting up to DNS 
servers, one for internal resolutions where IPs resolve to their real 
hostname, and one in front of the firewall that resolves all IP's to 
unkown.netscape.com.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 

On Wed, 25 Oct 1995, Adam Shostack wrote:

> 	This is a failure in the (TCP wrappers?) that should be
> reconfigured.
> 
> 	Since the service you are providing is available without any
> authentication, there is no reason to match hostnames to IPs with a
> double reverse lookup.
> 
> 	Since your server is secure, what does it really matter where
> the connections are coming from?  If netscape chooses to hide host
> information, they should be allowed to.
> 
> 	Cypherpunk relevance?  Its wrong to demand authentication when
> you don't care.  Airports, bars, 'anonymous' FTP servers and the like
> should all take the level of authentication they need.
> 
> Adam





Thread