Message-ID: <429CA42D.6020704@fer.hr>
Date: Tue, 31 May 2005 19:51:41 +0200
From: Ivan Voras
To: bruce@nikkel.com
Cc: stable@freebsd.org
Subject: Re: IP Firewalling by DNS name
References: <429C7804.8040709@fer.hr> <20050531174833.GA24102@nikkel.com>
In-Reply-To: <20050531174833.GA24102@nikkel.com>

bruce@nikkel.com wrote:

> Access control based on the reverse lookup of an IP address is a
> dangerous idea in general. Anyone who manages their own reverse DNS
> could bypass the security simply by creating a DNS entry. If someone
> controls the in-addr.arpa zone for a particular IP range, they can make
> those IPs resolve with any FQDN they want, even with domains they don't
> own.

Interesting! Thanks!
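
The following is an added example, not part of the original thread or of any FreeBSD code. It contrasts a PTR-only name check with a forward-confirmed reverse DNS (FCrDNS) check, which rejects the case described in the quoted text; the record tables, the allowed suffix and all function names are constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed DNS data (assumption: documentation ranges, not real records).
# PTR data is published by whoever controls the in-addr.arpa zone for the range.
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.org."],       # forward record agrees
    "203.0.113.66": ["trusted.example.org."],  # reverse zone claims a name it does not own
    "198.51.100.7": [],                        # no PTR record at all
}
# A records are published by whoever controls the forward zone.
A_RECORDS = {
    "mail.example.org.": ["192.0.2.10"],
    "trusted.example.org.": ["192.0.2.20"],
}
ALLOWED_SUFFIX = ".example.org."  # hypothetical policy: allow hosts under this domain


def lookup_ptr(ip):
    """Stand-in for a reverse lookup; returns the PTR names for an address."""
    return PTR_RECORDS.get(ip, [])


def lookup_addr(name):
    """Stand-in for a forward lookup; returns the addresses for a name."""
    return A_RECORDS.get(name.lower(), [])


def name_allowed(name):
    return name.lower().endswith(ALLOWED_SUFFIX)


def ptr_only_allows(ip):
    """Weak check: trusts whatever name the reverse zone returns."""
    return any(name_allowed(n) for n in lookup_ptr(ip))


def fcrdns_allows(ip):
    """FCrDNS: an allowed PTR name must also resolve forward to the same address."""
    addr = ipaddress.ip_address(ip)
    for name in lookup_ptr(ip):
        if not name_allowed(name):
            continue
        if any(ipaddress.ip_address(a) == addr for a in lookup_addr(name)):
            return True
    return False


if __name__ == "__main__":
    for ip in PTR_RECORDS:
        print(f"{ip:15} ptr_only={ptr_only_allows(ip)!s:5} fcrdns={fcrdns_allows(ip)}")
```

FCrDNS only confirms that the forward and reverse zones agree; it still relies on DNS answers that are not authenticated unless DNSSEC validation is in use.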