># There are several variants of patches for both sendmail and smail3 that
># use the pident routines to identify spoofed mail.
>
>IF you trust IDENT. A lot of us don't, but...

This is something that every firewaller (or security-minded person
in general) should remember. Ident, DNS, and all the rest are merely
sources of information; when looking at them remotely, one has no
real means by which to judge their validity. It's only information,
and should be taken with large grains of salt.

Now, they *can* reinforce each other; tcp wrappers can match Ident
data, can match DNS data, can match routing data, et cetera. In
fact, I'd wager that many of our "security incidents" are triggered
when an 'odd man out' is found among these sources of information.

--Wes
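
The cross-checking described in the message above, as an added example that is not part of the original post and is not tcp wrappers' or any pident patch's code: it compares routing, DNS, ident and the claimed sender for one connection and reports which source is the odd one out. The `Conn` record, `INTERNAL_NET`, `DAEMON_USERS` and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed for this sketch: internal address space and mail-daemon accounts.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
DAEMON_USERS = {"root", "daemon", "mail"}

@dataclass
class Conn:
    ip: str               # peer address from the TCP socket
    iface: str            # interface it arrived on: "inside" or "outside"
    ptr: Optional[str]    # reverse DNS (PTR) answer for ip
    fwd: Tuple[str, ...]  # addresses the PTR name resolves back to
    ident: Optional[str]  # user name in the ident reply, None if no reply
    sender: str           # envelope sender claimed in MAIL FROM

def odd_ones_out(c: Conn) -> list:
    """List where the sources disagree. Agreement is corroboration, not proof."""
    odd = []
    # Routing vs. address: an internal source address arriving from outside.
    if ipaddress.ip_address(c.ip) in INTERNAL_NET and c.iface != "inside":
        odd.append("internal-address-on-outside-interface")
    # DNS vs. address: the PTR name must resolve back to the peer address.
    if c.ptr is None:
        odd.append("no-ptr")
    elif c.ip not in c.fwd:
        odd.append("ptr-forward-mismatch")
    user, _, domain = c.sender.rpartition("@")
    # DNS vs. claimed sender: connecting host is outside the sender's domain.
    if c.ptr and not (c.ptr == domain or c.ptr.endswith("." + domain)):
        odd.append("sender-domain-vs-ptr")
    # Ident vs. claimed sender: an ordinary account sending as someone else.
    if c.ident and c.ident not in DAEMON_USERS and c.ident != user:
        odd.append("ident-vs-sender")
    return odd

# Constructed records, not real traffic.
SAMPLES = [
    Conn("198.51.100.7", "outside", "mx.example.org", ("198.51.100.7",), "daemon", "al@example.org"),
    Conn("198.51.100.9", "outside", "lab9.example.org", ("198.51.100.9",), "bob", "al@example.org"),
    Conn("192.0.2.15", "outside", "pc15.example.com", ("192.0.2.15",), None, "cy@example.com"),
    Conn("203.0.113.4", "outside", "mx.example.org", ("198.51.100.7",), "daemon", "al@example.org"),
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(c.ip, odd_ones_out(c) or "sources agree")
```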