At 02:51 PM 1/2/02, Clifton Royston wrote:
>On Wed, Jan 02, 2002 at 02:17:57PM -0500, Daniel Senie wrote:
> > I have an Internet Draft which I've been working on, intended to be a BCP,
> > that says everyone SHOULD implement INADDR, but at the same time it says
> > use of INADDR as a part of any "security" check should be strongly
> > discouraged.
>
>I agree.
>
>One of the dangers of relying on INADDR, besides it becoming a nearly
>useless check with the Internet in its present state, is that if it
>*replaces* the raw IP address in logging, it allows an actual malicious
>attacker to trivially conceal their point of attack.  I'm surprised how
>many applications not only expect INADDR to be there but blindly rely
>on it if it is.

Since qpopper ALWAYS logs both the IP address AND the INADDR (if present), 
I contend the logging message complaining about the INADDR failure is 
superfluous. It serves only to annoy the administrator and waste log space. 
In cases where the INADDR failed, the log actually shows that without the 
extra warning message. The IP address is logged twice on the line. So, 
anyone who wants to check on which hosts are not doing INADDR can easily 
find this information, without the extra logging line.
-----------------------------------------------------------------
Daniel Senie                                        [EMAIL PROTECTED]
Amaranth Networks Inc.                    http://www.amaranth.com
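As an added illustration of the logging practice Daniel describes and the concealment risk Clifton raises (example code written for this page, not qpopper's or any poster's own): the raw address always goes into the log line, the PTR name appears only when it forward-confirms back to that address, and a failed or unconfirmed lookup leaves the address in both fields, so the "IP logged twice" line itself marks the INADDR failure. The DNS data is a constructed in-memory table so the example runs offline; the socket-backed lookups are assumptions about how a real deployment would wire it up.

```python
import ipaddress
import socket

# Constructed DNS data for the example (not real hosts). 192.0.2.20 has a PTR
# that claims a name which does not resolve back to it: an unconfirmed reverse.
PTR_TABLE = {"192.0.2.10": "mail.example.net", "192.0.2.20": "trusted.example.org"}
FORWARD_TABLE = {"mail.example.net": {"192.0.2.10"}, "trusted.example.org": {"198.51.100.5"}}

def table_reverse(ip):
    """Reverse (in-addr.arpa) lookup against the constructed table."""
    return PTR_TABLE.get(ip)

def table_forward(name):
    """Forward lookup against the constructed table; empty set when unknown."""
    return FORWARD_TABLE.get(name, set())

def system_reverse(ip):
    """Real reverse lookup; None when there is no PTR or the lookup fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Real forward lookup returning every address the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def confirmed_name(ip, reverse_lookup=table_reverse, forward_lookup=table_forward):
    """Return the PTR name only if it forward-resolves back to ip (FCrDNS).

    A PTR record is controlled by whoever controls the address block, so the
    name is informational at best; it must never replace the address itself.
    """
    name = reverse_lookup(ip)
    if name is None or ip not in forward_lookup(name):
        return None
    return name

def connection_log_line(ip, reverse_lookup=table_reverse, forward_lookup=table_forward):
    """Build a log line that always carries the raw address in brackets.

    When the reverse lookup fails or does not confirm, the address is written
    in the host field too, so the line shows the failure without a separate
    warning message.
    """
    ipaddress.ip_address(ip)  # reject malformed input before it reaches the log
    name = confirmed_name(ip, reverse_lookup, forward_lookup)
    host_field = name if name is not None else ip
    return f"connection from {host_field} [{ip}]"
```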
