Re: [cobalt-users] Help?
- Subject: Re: [cobalt-users] Help?
- From: flash22@xxxxxxx
- Date: Mon Aug 7 18:02:21 2000
On Mon, 7 Aug 2000, Henry J. Cobb wrote:
> >From: "H.P. Stroebel" <hpstr@xxxxxxxxxxxxx>
> >if you want to affect ALL services, in my opinion the most simple way is
> >rejecting it using the kernel's routing table. so arriving packets from
> >that ip are just "thrown away". i don't know if this is possible using
> >hostnames, though. that would be a firewalling job.
hmm...great misinformation...
>
> Routing is a separate level of the TCP/IP protocol stack than name
> resolution for a very good reason.
'Below' TCP is IP thus TCP/IP, routing happens in the IP layer...
>
> Generic TCP connection requests do not carry the remote (or local) host
> name. (Hence the problem with Multiple virtual SSL hosts on the same IP
> address.)
True...False...
>
> You could design a tool to reject TCP connections by hostname, but then it
> would have to wait for a reverse DNS lookup on every connection from a new
> client and that result would give only one of possibly many virtual host
> names for a given address.
But why bother? inetd does in fact handle rejecting domains by name and
*.yahoo.com would reject all domains above and all IPs on a multi-IP
interface...
Yes, you do a dns lookup...but sometimes it's worthwhile...
g.
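
The hostname check discussed in this message, as an added example that is not part of the original post or of any tool named in it: reverse lookup on the client address, a match of every returned name against a `*.domain` pattern, and a forward confirmation step that goes beyond what the thread describes. The function names, the allow-when-no-PTR policy and the sample records (documentation address ranges) are assumptions made for illustration.

```python
import socket

def reverse_names(ip):
    """Every PTR name for ip (primary plus aliases), or [] if none."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [primary, *aliases]

def forward_addrs(name):
    """Every address name resolves to, or an empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def matches(name, pattern):
    """'*.yahoo.com' or '.yahoo.com' matches the domain and hosts under it."""
    domain = pattern.lower().lstrip("*.")
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def decide(ip, deny_patterns, rev=reverse_names, fwd=forward_addrs):
    """Return (verdict, reason) for a connecting client address."""
    names = rev(ip)
    if not names:
        # Assumed policy: no PTR means no name to match, so the rule is skipped.
        return ("allow", "no reverse name")
    for name in names:
        # The PTR record is set by whoever runs the reverse zone, so confirm
        # that the claimed name resolves back to the connecting address.
        if ip not in fwd(name):
            return ("deny", f"unverified name {name}")
    for name in names:          # check every name, not only the first
        for pattern in deny_patterns:
            if matches(name, pattern):
                return ("deny", f"{name} matches {pattern}")
    return ("allow", "no pattern matched")

# Constructed sample records (documentation address ranges), not real DNS data.
PTR = {"192.0.2.10": ["crawler.example.com"],
       "192.0.2.20": ["www.example.net", "cache.example.com"],
       "192.0.2.30": ["host.example.org"]}
A = {"crawler.example.com": {"192.0.2.10"}, "www.example.net": {"192.0.2.20"},
     "cache.example.com": {"192.0.2.20"}, "host.example.org": {"203.0.113.9"}}

def check(ip, patterns=("*.example.com",)):
    """Run decide() against the constructed tables above (offline)."""
    return decide(ip, patterns, lambda i: PTR.get(i, []), lambda n: A.get(n, set()))
```

An address with no reverse record (192.0.2.40 in the sample data) passes the name rule untouched, which is the practical limit of filtering by hostname rather than by address.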