[37426] in North American Network Operators' Group
RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Sun May 13 21:04:31 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F0922860E45EB@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Frank Rizzo' <rizzo@drunkagain.org>,
Roeland Meyer <rmeyer@mhsc.com>
Cc: nanog@nanog.org
Date: Sun, 13 May 2001 18:04:12 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Frank Rizzo [mailto:rizzo@drunkagain.org]
> Sent: Sunday, May 13, 2001 3:09 PM
>
> On Sun, May 13, 2001 at 02:20:28PM -0700, Roeland Meyer wrote:
> >
> > I've had a similar problem at SpeakEasy. They still don't have a
> > reverse-DNS clue.
> >
> > http://www.mhsc.com/recovery.htm
> >
> > None of the DSL ISPs can do larger than /27 anymore, even when they're
> > ILECs. Anything less than a /24 can't be SWIP'd and if you don't control
> > your in-addr.arpa entries you don't control your domain and have no
> > security.
>
> wow, relying on dns for security is pretty freaking ignorant,
> and so are you apparently. that's okay, i'll shut up now because i'll be
> busy playing with my reverse dns to get your hosts to trust me!
Gee, I wish you knew what you were talking about. Basic security starts with
reverse, see tcp_wrappers, SSH, Oracle (try and build a DB without reverse
working right. Net8 stops you dead in your tracks). Half of my ACLs don't
work right because reverse isn't correct.
> ps - 32/27.0.168.192.in-addr.arpa., learn it, love it, live it.
Thu May 10 22:59:09 [root:2]#> ps - 32/27.0.168.192.in-addr.arpa.
ERROR: Garbage option.
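
Added example, not part of the original thread: a forward-confirmed reverse DNS check, in which a hostname-based ACL accepts a PTR name only when that name's forward lookup returns the connecting address. The records are constructed sample data on documentation address ranges, and the names `fcrdns` and `acl_allows` are hypothetical.

```python
import ipaddress

# Constructed sample records (documentation address ranges), not from the thread.
PTR = {
    "192.0.2.40": ["mail.example.net."],
    "192.0.2.41": ["db.example.com."],  # PTR claims a name the forward zone does not back
    "192.0.2.42": [],                   # no reverse entry at all
}
A = {
    "mail.example.net.": ["192.0.2.40"],
    "db.example.com.": ["198.51.100.7"],
}

def fcrdns(ip, lookup_ptr=lambda ip: PTR.get(ip, []), lookup_a=lambda n: A.get(n, [])):
    """Forward-confirm a reverse lookup. Returns (verdict, name)."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() + "." for n in lookup_ptr(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        # The PTR answer is only a claim; the forward zone must agree.
        if addr in {ipaddress.ip_address(a) for a in lookup_a(name)}:
            return ("confirmed", name)
    return ("mismatch", names[0])

def acl_allows(ip, domain):
    """Hypothetical hostname ACL: allow only confirmed names inside `domain`."""
    verdict, name = fcrdns(ip)
    if verdict != "confirmed":
        return False
    domain = domain.rstrip(".").lower() + "."
    # Match on a label boundary so "evilexample.net." does not pass for "example.net."
    return name == domain or name.endswith("." + domain)

if __name__ == "__main__":
    for ip in PTR:
        print(ip, ipaddress.ip_address(ip).reverse_pointer, fcrdns(ip))
```

The default lookups read the sample tables; pass resolver-backed callables as `lookup_ptr` and `lookup_a` to run the same check against live DNS.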