Clear up what the line "ALL : PARANOID : RFC931 20 : deny" means

to tcp wrappers. The description is a little long, but hopefully accurate.
svn path=/head/; revision=81890
2024-11-29 02:22:43 +00:00 · 2001-08-18 14:22:52 +00:00 · 2001-08-18 14:22:52 +00:00 · 1139160ec0 · 2020-12-20 02:59:44 +00:00
commit 1139160ec0
parent c5109a323c
1 changed files with 6 additions and 1 deletions
--- a/etc/hosts.allow
+++ b/etc/hosts.allow
@ -26,7 +26,12 @@ ALL : ALL : allow
 # need to do it, here's how
 #sshd : .evil.cracker.example.com : deny 

-# Provide some protection against clients using a forged source IP address
+# Protect against simple DNS spoofing attacks by checking that the
+# forward and reverse records for the remote host match. If a mismatch
+# occurs, access is denied, and any positive ident response within
+# 20 seconds is logged. No protection is afforded against DNS poisoning,
+# IP spoofing or more complicated attacks. Hosts with no reverse DNS
+# pass this rule.
 ALL : PARANOID : RFC931 20 : deny

 # Allow anything from localhost.  Note that an IP address (not a host