Re: Some foolish ISPs treat other ISPs' customers as third-class citizens. - TCP-IP


  1. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    In article ,
    Andrea Griffini wrote:
    >On Wed, 4 Feb 2004 07:04:48 GMT, richard@vrx.news (Richard Sexton)
    >wrote:
    >
    >>>> Exactly like Hitler.

    >>
    >>BZZZT. Godwin's law invoked.
    >>
    >>(http://www.eff.org/Net_culture/Folkl...or/godwins.law)

    >
    >Hehehe... I never heard of that law before (btw, the link
    >is broken).


    No it's not, but you have to tell your browser what
    to do with a ".law" file. I tell mine to use vi.

    Here's a pure html link that will work for
    you: http://vrx.net/richard/godwinslaw.html


    --
    Usenet special: on cases of any filters for BMW: http://u.bmwz.org
    http://www.mbz.org | Mailing lists: http://lists.mbz.org
    633CSi 250SE/C 300SD | Classifieds: http://ads.mbz.org
    2 X 280SE | Watches list: http://watches.list.mbz.org

  2. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    richard@vrx.news (Richard Sexton) writes:

    > In article ,
    > Andrea Griffini wrote:
    > >On Wed, 4 Feb 2004 07:04:48 GMT, richard@vrx.news (Richard Sexton)
    > >wrote:
    > >
    > >>>> Exactly like Hitler.
    > >>
    > >>BZZZT. Godwin's law invoked.
    > >>
    > >>(http://www.eff.org/Net_culture/Folkl...or/godwins.law)

    > >
    > >Hehehe... I never heard of that law before (btw, the link
    > >is broken).

    >
    > No it's not, but you have to tell your browser what
    > to do with a ".law" file. I tell mine to use vi.
    >
    > Here's a pure html link that will work for
    > you: http://vrx.net/richard/godwinslaw.html


    According to 'Page info', the type is 'text/html' for
    resource http://www.eff.org/Net_culture/Folkl...or/godwins.law.

    So it is pure html. Which browser has problems?




  3. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    Kari Hurtta writes:

    > richard@vrx.news (Richard Sexton) writes:
    >
    > > In article ,
    > > Andrea Griffini wrote:
    > > >On Wed, 4 Feb 2004 07:04:48 GMT, richard@vrx.news (Richard Sexton)
    > > >wrote:
    > > >
    > > >>>> Exactly like Hitler.
    > > >>
    > > >>BZZZT. Godwin's law invoked.
    > > >>
    > > >>(http://www.eff.org/Net_culture/Folkl...or/godwins.law)
    > > >
    > > >Hehehe... I never heard of that law before (btw, the link
    > > >is broken).

    > >
    > > No it's not, but you have to tell your browser what
    > > to do with a ".law" file. I tell mine to use vi.
    > >
    > > Here's a pure html link that will work for
    > > you: http://vrx.net/richard/godwinslaw.html

    >
    > According to 'Page info', the type is 'text/html' for
    > resource http://www.eff.org/Net_culture/Folkl...or/godwins.law.
    >
    > So it is pure html. Which browser has problems?


    (seems that browser is lying about the type.
    lynx says that type is 'message/rfc822'.)




  4. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    In article <5dznbvawru.fsf@attruh.keh.iki.fi>,
    Kari Hurtta wrote:

    > Kari Hurtta writes:
    >
    > > richard@vrx.news (Richard Sexton) writes:
    > >
    > > > In article ,
    > > > Andrea Griffini wrote:
    > > > >On Wed, 4 Feb 2004 07:04:48 GMT, richard@vrx.news (Richard Sexton)
    > > > >wrote:
    > > > >
    > > > >>>> Exactly like Hitler.
    > > > >>
    > > > >>BZZZT. Godwin's law invoked.
    > > > >>
    > > > >>(http://www.eff.org/Net_culture/Folkl...or/godwins.law)
    > > > >
    > > > >Hehehe... I never heard of that law before (btw, the link
    > > > >is broken).
    > > >
    > > > No it's not, but you have to tell your browser what
    > > > to do with a ".law" file. I tell mine to use vi.
    > > >
    > > > Here's a pure html link that will work for
    > > > you: http://vrx.net/richard/godwinslaw.html

    > >
    > > According to 'Page info', the type is 'text/html' for
    > > resource http://www.eff.org/Net_culture/Folkl...or/godwins.law.
    > >
    > > So it is pure html. Which browser has problems?

    >
    > (seems that browser is lying about the type.
    > lynx says that type is 'message/rfc822'.)


    Lynx is correct:

    $ telnet www.eff.org http
    Trying 209.237.229.14...
    Connected to www.eff.org.
    Escape character is '^]'.
    HEAD /Net_culture/Folklore/Humor/godwins.law HTTP/1.0

    HTTP/1.1 200 OK
    Date: Sat, 07 Feb 2004 18:26:51 GMT
    Server: Apache/2.0.40 (Red Hat Linux)
    Last-Modified: Wed, 28 Jan 2004 22:49:58 GMT
    ETag: "270089-1021-d277d180"
    Accept-Ranges: bytes
    Content-Length: 4129
    Connection: close
    Content-Type: message/rfc822
    Content-Encoding: 7bit

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  5. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    On Thu, 5 Feb 2004, Andrea Griffini wrote:
    > On Wed, 4 Feb 2004 07:04:48 GMT, richard@vrx.news (Richard Sexton)
    > wrote:
    >
    > >>> Exactly like Hitler.

    > >
    > >BZZZT. Godwin's law invoked.
    > >
    > >(http://www.eff.org/Net_culture/Folkl...or/godwins.law)

    >
    > Hehehe... I never heard of that law before (btw, the link
    > is broken). Actually Hitler was not even the first example
    > that came to my mind.
    >
    > Feel free to substitute that example with any other
    > one in which an idiot knew what was the solution to
    > all the problems and thought it was its duty to fix
    > the world.
    >
    > Also I was surely not trying to end the discussion...
    > on the opposite I would like to understand why Mr.
    > Stussy is not replying to the real issue.


    Simple: I don't read the group every day. I don't need to waste my time with
    the idiots here when I have more important things to do.

    > That a reverse DNS lookup should be the opposite of
    > the forward lookup is not stated in any document,
    > and has never been a requirement in the past.


    If you read Mr. Margolin's response, you will find that the object (RHS) of a
    PTR record is supposed to be a hostname which appears (on the LHS) in an
    address-type (A, AAAA, or A6) record, and that he provided the reference you
    seek. That sounds pretty conclusive to me.

    > It adds nothing even in theory to the security (if
    > you can't trust your DNS because for example you
    > suspect it has been spoofed, why would you trust
    > any other IP address ?) and falls short in practice
    > because in the real world reverse DNS lookup doesn't
    > fit that picture (many users have no control of the
    > reverse lookup of the IP that was assigned to them,
    > in many other cases reverse lookup simply doesn't
    > work at all). Checking both lookups and dropping a message
    > if they don't match actually HURTS security as it
    > makes it EASIER to break the system.


    That's because of their DEFECTIVE contract. They contracted only for a fixed
    IP, not for domain name rights that go with it (i.e. access to have the reverse
    mapping properly set for their domain). You will find that organizations that
    have authority over both (e.g. almost any ".edu" domain) will set these as a
    reflexive pair.

    If an entity doesn't have sufficient control over their DNS to have their
    reverse PTR entry point to a hostname on an address-type record, they are better
    off having NO PTR RR - because having no PTR cannot lead to the "possibly
    forged" condition, nor can it lead to a hostname (at all, let alone) that
    resembles a "dynamic" dummy-name assignment.

    [Whether a host has no resolvable name from a PTR record is a completely
    different criterion that some use to deny SMTP service, but outside of this
    thread.]

    Remember that the "possibly forged" or "dynamic" conclusions constitute the
    identification criteria that lead to "third class" treatment that the title of
    this thread talks about.

    > The point isn't however if reverse DNS can be made
    > to work in the real world. That is a purely academic
    > discussion that may be interesting or may be not.
    >
    > The problem is that for email to become a service
    > there should be reasonable guarantees that idiots
    > that break the service *inventing their own rules*
    > and imposing them on *other* unwillingly people (or
    > without having them even know about those filters
    > and their implications) must be at least prosecuted.
    >
    > Until cutting the electrical power cable that
    > enters your neighbour's home because you think it's
    > a smart idea gets you to a court there is little
    > that can solve this issue. Shielding the cables
    > against *criminals* that do that on intention is
    > a step that comes later.
    >
    > There can be no fight against spam because there
    > is nothing to defend. The very moment the world
    > will agree that email is valuable and must be
    > defended people like Mr Stussy will get to jail
    > if they apply their wonderful ideas to other
    > people's mail. We unfortunately are not even
    > there (yet).
    >
    > For the mail system idiots are no less dangerous
    > than criminals.


    ...And so are people that don't realize that poorly configured systems are often
    abused by the spammers.

  6. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    On Mon, 09 Feb 2004 09:35:54 GMT, "D. Stussy"
    wrote:

    >If you read Mr. Margolin's response, you will find that the object (RHS) of a
    >PTR record is supposed to be a hostname which appears (on the LHS) in an
    >address-type (A, AAAA, or A6) record, and that he provided the reference you
    >seek. That sounds pretty conclusive to me.


    This thread is long, but where is it stated that the check
    you were advocating (doing a reverse lookup on the
    address to get the name and making a check that it's consistent
    with the provided name) is meaningful ?
    I checked a bunch of messages from this gigantic thread
    and I found no one agreeing with you on that.

    Doing an IP->name->IP and checking the IP is a *different
    thing* (but in my opinion even this can generate problems).

    >..And so are people that don't realize that poorly configured systems are often
    >abused by the spammers.


    Hehehe... maybe we should jail all single 30-something
    males as there is statistical evidence that most serial
    killers are in that category ?

    Here in Italy if a mailman decides to drop mail because
    he thinks it is useless or because he thinks that from those
    areas (or with envelopes with that color) often there
    is nothing interesting, the consequences for him could
    be quite serious.

    Do you wanna stop spam directed to others ? Good ... but
    in my opinion on a false positive you should risk jail.
    Until then you are just helping the spammers in making
    the mail service completely unreliable.

    Andrea

  7. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    In article ,
    "D. Stussy" wrote:

    > That's because of their DEFECTIVE contract.


    You keep saying this, but you're deluded. The problem is that what you
    refer to as "defective" is the de facto *standard* type of contract for
    personal ISP accounts. You have to purchase a much more expensive
    business account to have any options. Calling this defective is like
    calling McDonalds a defective restaurant because you can't ask for your
    burger to be cooked medium rare; it's not defective, it's just less
    expensive and hence less feature-rich.

    > If an entity doesn't have sufficient control over their DNS to have their
    > reverse PTR entry point to a hostname on an address-type record, they are
    > better
    > off having NO PTR RR - because having no PTR cannot lead to the "possibly
    > forged" condition, nor can it lead to a hostname (at all, let alone) that
    > resembles a "dynamic" dummy-name assignment.


    ISPs rarely force the situation of "no PTR record". If they don't offer
    a way to customize the customer's reverse DNS, they almost always
    install PTR records that point into their own domain. These names won't
    match the names that the customers use for themselves in their personal
    forward DNS, but that shouldn't matter; all that matters is that the
    names in the PTR records have a corresponding A record. This is all I've
    been trying to say throughout this thread.

    E.g. the ISP will probably have something like:

    w.x.y.z.in-addr.arpa. IN PTR host-z-y-x-w.cust-dsl.isp.net.
    host-z-y-x-w.cust-dsl.isp.net. IN A z.y.x.w

    and the customer themselves may have:

    mail.theirdomain.com. IN A z.y.x.w

    This shouldn't ever result in a "possibly forged" marker when the
    machine sends out mail. The receiving machine will see an incoming
    connection from z.y.x.w, perform a reverse lookup to get
    host-z-y-x-w.cust-dsl.isp.net, do a forward lookup of that, and confirm
    that it's the address it started with. The name mail.theirdomain.com
    never shows up in the process.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  8. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    On Mon, 9 Feb 2004, Andrea Griffini wrote:

    > Here in Italy if a mailman decides to drop mail because he thinks it is
    > useless or because he thinks that from those areas (or with envelopes
    > with that color) often there is nothing interesting, the consequences
    > for him could be quite serious.


    The example is inappropriate. A correct one would be "if I give a
    directive to the concierge (portinaio here !) of MY house to give back
    to the mailman any sort of mail I'm obviously not interested in" or "if
    the direction of my institute gives a directive to the concierge to
    reject any mail clearly not for institutional purposes".

    Which is what we do with DNSBL. In the past we have been flooded with
    900 spam per day (including those in Chinese and Turkish) versus 400
    "good" mail. Now the rate has decreased since we dropped our old domain.

    But almost all of the "new" spam now comes from dial-in connections of a
    major provider (interbusiness.it) who apparently had gained a bad fame
    worldwide.

    --
    ----------------------------------------------------------------------
    nospam@mi.iasf.cnr.it is a newsreading account used by more persons to
    avoid unwanted spam. Any mail returning to this address will be rejected.
    Users can disclose their e-mail address in the article if they wish so.


  9. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    * On Mon, 09 Feb 2004 13:00:05 GMT, Andrea Griffini wrote:
    >
    > Here in Italy if a mailman decides to drop mail because
    > he thinks it is useless or because he thinks that from those
    > areas (or with envelopes with that color) often there
    > is nothing interesting, the consequences for him could
    > be quite serious.
    >


    I saw nothing. I wasn't there, and if I was there I was asleep. hahahah

    --
    I'm Fluffy

  10. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    On Tue, 10 Feb 2004, Andrea Griffini wrote:

    > >Which is what we do with DNSBL. In the past we have been flooded with
    > >900 spam per day (including those in Chinese and Turkish) versus 400
    > >"good" mail. Now the rate has decreased since we dropped our old domain.

    >
    > We who ? For the mail directed to who ?


    "We" are a research institute presently of CNR, and soon to be moved
    into INAF. Since every new government in this country seems to want to
    make a new "reform" of research organization, we have already changed
    our name (and domain) once. Our mailserver in the new domain was however
    able to accept mail addressed to both our old and new domain.

    And almost all spam was addressed to our old domain. Now the remaining
    spam (to the new domain) comes almost only from dynamic addresses.

    We have never seen our servers going INTO a blacklist, and this occurs
    only occasionally to servers of research organizations in any country.

    > >But almost all of the "new" spam now comes from dial-in connections of a
    > >major provider (interbusiness.it) who apparently had gained a bad fame
    > >worldwide.

    >
    > yeah... in my experience they're good for connectivity,
    > but they're quite bad for mail (they have a history of
    >
    > Unfortunately we are not able to set up our server because
    > there are idiots out there that don't want us to be able
    > to send mail (because they want us to use our provider).
    >
    > There are other providers... sure. In one of them you can


    > Do you think switching to them is the way to go ?


    Don't know. Not my business. If you don't pay, you cannot complain.
    If you pay and they run a lousy service and get blacklisted, you can
    complain. If they do not fix it, you should change. If your bosses pay
    and do not care, I do not know what to say.

    But the rest of the world has the right to defend itself from spam.

    Luckily for us, we are in the GARR, and therefore providers for
    ourselves. But you might inquire on it.news.net-abuse ... lot of
    discussion about spam and bad and good providers, and competent people
    there.

    --
    ----------------------------------------------------------------------
    nospam@mi.iasf.cnr.it is a newsreading account used by more persons to
    avoid unwanted spam. Any mail returning to this address will be rejected.
    Users can disclose their e-mail address in the article if they wish so.


  11. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    On Mon, 9 Feb 2004, Andrea Griffini wrote:
    > On Mon, 09 Feb 2004 09:35:54 GMT, "D. Stussy"
    > wrote:
    >
    > >If you read Mr. Margolin's response, you will find that the object (RHS) of a
    > >PTR record is supposed to be a hostname which appears (on the LHS) in an
    > >address-type (A, AAAA, or A6) record, and that he provided the reference you
    > >seek. That sounds pretty conclusive to me.

    >
    > This thread is long, but where is it stated that the check
    > you were advocating (doing a reverse lookup on the
    > address to get the name and making a check that it's consistent
    > with the provided name) is meaningful ?
    > I checked a bunch of messages from this gigantic thread
    > and I found no one agreeing with you on that.
    >
    > Doing an IP->name->IP and checking the IP is a *different
    > thing* (but in my opinion even this can generate problems).


    That check is not a "different thing" - but the exact check where, if the IP
    address one started with is not [among] the one[s] returned by the second query,
    the "possibly forged" result IS what is returned. That was in part the EXACT
    basis for the "third class" treatment (the other part being that the
    intermediate hostname returned was of a name pattern that obviously indicated a
    dynamic assignment by the ISP).

    If you weren't checking the messages in this thread via "comp.mail.misc," then
    obviously you have a problem. No other group has the complete thread.

    > >..And so are people that don't realize that poorly configured systems are often
    > >abused by the spammers.

    >
    > Hehehe... maybe we should jail all single 30-something
    > males as there is statistical evidence that most serial
    > killers are in that category ?
    >
    > Here in Italy if a mailman decides to drop mail because
    > he thinks it is useless or because he thinks that from those
    > areas (or with envelopes with that color) often there
    > is nothing interesting, the consequences for him could
    > be quite serious.
    >
    > Do you wanna stop spam directed to others ? Good ... but
    > in my opinion on a false positive you should risk jail.
    > Until then you are just helping the spammers in making
    > the mail service completely unreliable.
    >
    > Andrea
    >


  12. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    On Mon, 9 Feb 2004, Barry Margolin wrote:
    > In article ,
    > "D. Stussy" wrote:
    > > That's because of their DEFECTIVE contract.

    >
    > You keep saying this, but you're deluded. The problem is that what you
    > refer to as "defective" is the de facto *standard* type of contract for
    > personal ISP accounts. You have to purchase a much more expensive
    > business account to have any options. Calling this defective is like
    > calling McDonalds a defective restaurant because you can't ask for your
    > burger to be cooked medium rare; it's not defective, it's just less
    > expensive and hence less feature-rich.


    Such is not standard in any such contract that I have seen. I help a friend
    with web hosting, so we deal with these things all the time.

    > > If an entity doesn't have sufficient control over their DNS to have their
    > > reverse PTR entry point to a hostname on an address-type record, they are
    > > better
    > > off having NO PTR RR - because having no PTR cannot lead to the "possibly
    > > forged" condition, nor can it lead to a hostname (at all, let alone) that
    > > resembles a "dynamic" dummy-name assignment.

    >
    > ISPs rarely force the situation of "no PTR record". If they don't offer
    > a way to customize the customer's reverse DNS, they almost always
    > install PTR records that point into their own domain. These names won't
    > match the names that the customers use for themselves in their personal
    > forward DNS, but that shouldn't matter; all that matters is that the
    > names in the PTR records have a corresponding A record. This is all I've
    > been trying to say throughout this thread.
    >
    > E.g. the ISP will probably have something like:
    >
    > w.x.y.z.in-addr.arpa. IN PTR host-z-y-x-w.cust-dsl.isp.net.
    > host-z-y-x-w.cust-dsl.isp.net. IN A z.y.x.w
    >
    > and the customer themselves may have:
    >
    > mail.theirdomain.com. IN A z.y.x.w
    >
    > This shouldn't ever result in a "possibly forged" marker when the
    > machine sends out mail. The receiving machine will see an incoming
    > connection from z.y.x.w, perform a reverse lookup to get
    > host-z-y-x-w.cust-dsl.isp.net, do a forward lookup of that, and confirm
    > that it's the address it started with. The name mail.theirdomain.com
    > never shows up in the process.


    ...BUT that dummy assignment does result in the OTHER criterion for "third class"
    treatment that started this thread - a hostname resembling a DYNAMIC assignment,
    which the "smart" SMTP server will reject the connection of - since there are so
    many ("enough to be annoying") poorly configured and/or virus infected systems
    out there that have these types of names.

  13. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    In article ,
    "D. Stussy" wrote:

    > On Mon, 9 Feb 2004, Barry Margolin wrote:
    > > In article ,
    > > "D. Stussy" wrote:
    > > > That's because of their DEFECTIVE contract.

    > >
    > > You keep saying this, but you're deluded. The problem is that what you
    > > refer to as "defective" is the de facto *standard* type of contract for
    > > personal ISP accounts. You have to purchase a much more expensive
    > > business account to have any options. Calling this defective is like
    > > calling McDonalds a defective restaurant because you can't ask for your
    > > burger to be cooked medium rare; it's not defective, it's just less
    > > expensive and hence less feature-rich.

    >
    > Such is not standard in any such contract that I have seen. I help a friend
    > with web hosting, so we deal with these things all the time.


    I said "personal ISP accounts", e.g. the typical $20/month dialup or
    $40/month cable modem or DSL connections that are marketed to retail
    consumers.

    Web hosting services are a very different thing.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  14. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    On Mon, 16 Feb 2004, Barry Margolin wrote:
    > In article ,
    > "D. Stussy" wrote:
    >
    > > On Mon, 9 Feb 2004, Barry Margolin wrote:
    > > > In article ,
    > > > "D. Stussy" wrote:
    > > > > That's because of their DEFECTIVE contract.
    > > >
    > > > You keep saying this, but you're deluded. The problem is that what you
    > > > refer to as "defective" is the de facto *standard* type of contract for
    > > > personal ISP accounts. You have to purchase a much more expensive
    > > > business account to have any options. Calling this defective is like
    > > > calling McDonalds a defective restaurant because you can't ask for your
    > > > burger to be cooked medium rare; it's not defective, it's just less
    > > > expensive and hence less feature-rich.

    > >
    > > Such is not standard in any such contract that I have seen. I help a friend
    > > with web hosting, so we deal with these things all the time.

    >
    > I said "personal ISP accounts", e.g. the typical $20/month dialup or
    > $40/month cable modem or DSL connections that are marketed to retail
    > consumers.


    Those don't generally offer an option for a FIXED IP address - which is what
    sparked this thread.

    > Web hosting services are a very different thing.


    But hosting (i.e. fixed IP service) is what is being discussed, not dial-up.

  15. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    Barry Margolin wrote:

    (snip)

    > ISPs rarely force the situation of "no PTR record". If they don't offer
    > a way to customize the customer's reverse DNS, they almost always
    > install PTR records that point into their own domain. These names won't
    > match the names that the customers use for themselves in their personal
    > forward DNS, but that shouldn't matter; all that matters is that the
    > names in the PTR records have a corresponding A record. This is all I've
    > been trying to say throughout this thread.


    Yes. That PTR entry will enable one to track down the ISP, and the
    ISP should have records indicating who was using that IP address on
    a specified date and time.

    -- glen


  16. Re: Some foolish ISPs treat other ISPs' customers as third-class citizens.

    Barry Margolin wrote:

    (snip)

    > If you have an access list that says "allow *.", you need to do
    > an address->name->address consistency check. Otherwise, anyone who
    > controls their own reverse DNS could put in a PTR record that maps their
    > address to something., and it would pass this check. That's the
    > reason why things like SSH servers are likely to perform the consistency
    > check.


    Or for /etc/hosts.equiv and ~/.rhosts, though those are less
    commonly used now.

    > Most of the anonymous FTP servers that do it have it as part of a
    > geographic heuristic. They want to limit access to US organizations,
    > and they often do it by performing a reverse lookup, then performing a
    > WHOIS lookup of the domain. As above, you need to perform the
    > consistency check to make sure the domain they get back is valid.


    I would have thought that an ARIN lookup on the IP address would
    be more reliable, but both could work.

    (snip)

    -- glen
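
The address->name->address consistency check that Barry Margolin describes in posts 7 and 16 of this thread, as an added example (not code from any poster or from a real mail or SSH server). The resolver is an in-memory table of constructed records using documentation addresses and `.example` names; `StaticZone`, `fcrdns` and `allowed_by_suffix` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass, field


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


@dataclass
class StaticZone:
    """Constructed records standing in for live PTR and A/AAAA queries."""
    ptr: dict = field(default_factory=dict)   # reverse owner name -> [hostnames]
    addr: dict = field(default_factory=dict)  # hostname -> [addresses]

    def reverse(self, ip):
        owner = ipaddress.ip_address(ip).reverse_pointer
        return [norm(n) for n in self.ptr.get(owner, [])]

    def forward(self, name):
        return {ipaddress.ip_address(a) for a in self.addr.get(norm(name), [])}


def fcrdns(ip, zone):
    """Classify a connecting address by the IP -> name -> IP round trip."""
    peer = ipaddress.ip_address(ip)
    names = zone.reverse(ip)
    if not names:
        return ("no-ptr", [])
    # A PTR target counts only if its own address records include the peer.
    confirmed = [n for n in names if peer in zone.forward(n)]
    if confirmed:
        return ("confirmed", confirmed)
    return ("possibly-forged", names)


def allowed_by_suffix(ip, domain, zone, verify=True):
    """Name-based access list entry of the form 'allow *.<domain>'."""
    if verify:
        status, names = fcrdns(ip, zone)
        if status != "confirmed":
            return False
    else:
        # Trusts whoever operates the reverse zone for this address.
        names = zone.reverse(ip)
    domain = norm(domain)
    # Match on a label boundary so 'nottrusted.example' is not accepted.
    return any(n == domain or n.endswith("." + domain) for n in names)


# Constructed sample data (documentation address ranges, .example names).
ZONE = StaticZone(
    ptr={
        # ISP-assigned name for a fixed-IP customer, as in post 7.
        "25.2.0.192.in-addr.arpa": ["host-192-0-2-25.cust-dsl.isp.example."],
        # Genuine host of the trusted domain.
        "10.2.0.192.in-addr.arpa": ["login.trusted.example."],
        # Address owner claims a name in someone else's domain.
        "66.113.0.203.in-addr.arpa": ["login.trusted.example."],
        # Consistent records, but the name only looks like the trusted suffix.
        "9.113.0.203.in-addr.arpa": ["nottrusted.example."],
    },
    addr={
        "host-192-0-2-25.cust-dsl.isp.example": ["192.0.2.25"],
        # The customer's own forward name; the check never consults it.
        "mail.theirdomain.example": ["192.0.2.25"],
        "login.trusted.example": ["192.0.2.10"],
        "nottrusted.example": ["203.0.113.9"],
    },
)

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.66"):
        print(ip, fcrdns(ip, ZONE))
    for verify in (False, True):
        print("verify =", verify,
              allowed_by_suffix("203.0.113.66", "trusted.example", ZONE, verify))
```
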

