On Wed, Mar 31, 2004, Douglas F. Calvert wrote:
Hello, I am interested in finding out what the motivation is for requiring valid reverse address lookups before connecting to a daemon. I have heard a number of different explanations, the majority of the responses point to history/tradition and tcpwrappers. Is there a commonly accepted justification for this practice? In my opinion it does not appear to increase the validity of the connection. But I may be missing something obvious.
if you reverse resolve, then some registry somewhere (ARIN, RIPE, APNIC, etc) recognises that network as having 'valid' contact details and has assigned someone reverse authority. It stops some IP block hijackers - if you find the right peer, you can just pop up for a bit, say "hi! I'm foo/12!", start spamming from a few /16's worth of IPs, then drop away after an hour. In practice, at least with IP block hijackers, they'll either (a) hijack a smaller chunk of a registered/announced ip network, complete with nameservers, or (b) they'll find a registered but un-announced ip network, with the in-addr authoritative nameservers inside said network, and just pop up for spamming there. I think you'll find the original reasoning rooted in past history. A few useful side-effects, like the above, have popped up so I don't think there's much motivation to change it. 2c, Adrian -- Adrian Chadd I'm only a fanboy if <adrian@creative.net.au> I emailed Wesley Crusher.