I was reading a chapter in an administrator’s guide and was caught by the entries shown by the author’s version of his /etc/host.conf file. He shows two entries that caught my attention: spoofalert and nospoof. Neither of these entries have a following value, so they would use the default values.
Looking at the man page, I find that the default values are OFF for both these keywords. It seems that the inclusion then would be unnecessary. Am I correct in this assumption?
And, why would these keywords not be included and turned on? It would seem to be advantageous from a security standpoint. But then, the openSuse team would have most likely included them as a default, wouldn’t they?
Obviously, I’m not understanding this situation. Can someone provide an explanation, or point me to a place where I can find an explanation?
20 years ago, I was using “rlogin” and “rsh” to connect to other computers in the local network. The file “/etc/hosts.equiv” listed which machines I could rlogin to without a password. The fact that I was logged into my own machine, and that it was listed in “/etc/hosts.equiv” on the destination provided a kind of weak authentication.
That weak authentication can be spoofed. The question is whether DNS should do some extra looks to try to identify possible spoofing. This check was never foolproof.
These days, I use only “ssh” and related commands. And they provide better checking with the ssh host key. So the spoofing check is no longer useful. Worse, it gives false positives in todays environment with NAT routers. And it does otherwise unneeded DNS lookups. And “rlogin” is no longer part of a standard install.
So the spoofing check is a relic from the past. It is not needed.