* Kacper Wysocki:

> 1. If the attacker has the ability to spoof my DNS, I have been
> compromised. It doesn't need to resolve to a FQDN, a spoofed DNS can
> resolve my "shortname" to the IP of their choice. They can do this for
> all my services, not only ssh.

SSH is supposed to work (IOW, fail reliably) even when the attacker controls DNS (or the routing, for that matter). The only way to achieve that is not to rely on DNS, which means that the specified host name must be processed unaltered.