On Wed, Jan 02, 2002 at 02:17:57PM -0500, Daniel Senie wrote: > I have an Internet Draft which I've been working on, intended to be a BCP, > that says everyone SHOULD implement INADDR, but at the same time it says > use of INADDR as a part of any "security" check should be strongly discouraged.
I agree. One of the dangers of relying on INADDR, besides it becoming a nearly useless check with the Internet in its present state, is that if it *replaces* the raw IP address in logging, it allows an actual malicious attacker to trivially conceal their point of attack. I'm surprised how many applications not only expect INADDR to be there but blindly rely on it if it is. -- Clifton -- Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED] WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
