Thanks for the reply.
I took the advice of putting ALL: ALL in the hosts.deny file and now even
sshd will deny an attempt at connecting to it. It is open ssh from the
debian potato archive. Not sure why it is working according to what you
wrote, but it is denying everyone not in hosts.allow now.
'space ghost using enlightenment'
> Another thing might be services which don't use TCP Wrappers like sshd
> compiled without the --with-libwrap option etc - these services won't care
> what's in the hosts.* files.
> Marcin Pacyna
> -----Original Message-----
> From: Nathan [mailto:firstname.lastname@example.org]
> Sent: Wednesday, September 06, 2000 3:19 PM
> To: email@example.com
> Cc: debian-isp
> Subject: Re: hosts.deny
> PARANOID does not mean "anyone" it means anyone who the reverse DNS lookup
> fails on.
> ALL: X.X.X.X (replace as needed ;)
> ALL: ALL
> On Wed, 6 Sep 2000 firstname.lastname@example.org wrote:
> > Hello ISPers,
> > I have a question re: security.
> > I my hosts.deny I have:
> > # The PARANOID wildcard matches any host whose name does not match its
> > # address.
> > ALL: PARANOID
> > Basically I am trying to deny all but one IP address to any service. Yet I
> > wanted to test it by trying to open a ssh session to the machine and I can
> > ssh in just fine. I was wondering what I was doing wrong in my
> > host.deny. I have nothing in my host.allow also.
> > Any advice appriciated.
> > D. Ghost
> > 'space ghost and debian ghost are one'
> > --
> > To UNSUBSCRIBE, email to email@example.com
> > with a subject of "unsubscribe". Trouble? Contact
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
- Re: hosts.deny
- From: Marcin Owsiany <email@example.com>