How secure is "hosts allow"? I have "hosts allow = bkup" in my rsyncd.conf. Then in /etc/hosts I have: 184.108.40.206 bkup This makes only 220.127.116.11 able to connect to rsync. Could someone spoof their hostname somehow to trick rsync into letting them in, though? e.g. If they reverse DNS says that they're called "bkup".