Re: your mail

To: Peter Cordes <peter@llama.nslug.ns.ca>
Cc: debian-security@lists.debian.org
Subject: Re: your mail
From: Brian Kimball <bfk@footbag.org>
Date: Thu, 16 Mar 2000 14:19:53 -0800
Message-id: <[🔎] 20000316141953.T28026@adsl-63-195-123-115.dsl.snfc21.pacbell.net>
Mail-followup-to: Peter Cordes <peter@llama.nslug.ns.ca>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20000316175800.A6767@llama.nslug.ns.ca>; from peter@llama.nslug.ns.ca on Thu, Mar 16, 2000 at 05:58:00PM -0400
References: <[🔎] 200003161445.PAA12151@www1.pobox.sk> <[🔎] 20000316150140.C15515@tardis.ed.ac.uk> <[🔎] 20000316163905.Z4490@glutinous.custard.org> <[🔎] 20000316175800.A6767@llama.nslug.ns.ca>

Peter Cordes wrote:

>  This isn't specific to identd, but I'm wondering why you would bother
> filtering the port instead of just not running identd?  (I assume you would
> have/do turn off identd in /etc/inetd.conf as well as using doing port
> filtering.)  I've never really understood why people filter all kinds of
> ports on their own machine when the ports are closed anyway.

While inetd + tcp_wrappers is sufficient for something like identd, it
offers no protection for things that aren't launched from inetd -- a
category that the vast majority of debian daemons falls under (apache,
lpd, X, etc).

-- 
Brian Kimball

Reply to:

Follow-Ups:
- Re: your mail
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

References:
- [no subject]
  - From: Ivan Ivanovic <rmask@pobox.sk>
- Re: your mail
  - From: Mark Brown <broonie@tardis.ed.ac.uk>
- Re: your mail
  - From: Tim Haynes <piglet@glutinous.custard.org>
- Re: your mail
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: Re: your mail
Next by Date: Re: your mail
Previous by thread: Re: your mail
Next by thread: Re: your mail
Index(es):
- Date
- Thread