Re: rlinetd security

To: Jason Thomas <jason@topic.com.au>
Cc: Sebastiaan <S.Breedveld@ITS.TUDelft.NL>, debian-security@lists.debian.org
Subject: Re: rlinetd security
From: Tim Haynes <debian@stirfried.vegetable.org.uk>
Date: 18 Jun 2001 09:45:47 +0100
Message-id: <[🔎] 861yoii3b8.fsf@potato.vegetable.org.uk>
Reply-to: debian@stirfried.vegetable.org.uk
In-reply-to: <[🔎] 20010618172603.E27262@topic.com.au> (Jason Thomas's message of "Mon, 18 Jun 2001 17:26:03 +1000")
References: <[🔎] 20010618172603.E27262@topic.com.au>

Jason Thomas <jason@topic.com.au> writes upside-down:

> this stuff can also be controlled using hosts.deny and hosts.allow. so
> then any inetd prog will do!

No it can't. There's a difference between not listening on the interface at
all, and filtering it out by allowing them to connect to the port first and
only later saying `I don't like the look of your IP#'.

If nothing else, you *should* use rlinetd or xinetd or similar to control
the binding *as well as* tightening down hosts.{allow,deny}.

~Tim
-- 
   09:43:56 up 3 days, 13:48, 16 users,  load average: 0.00, 0.00, 0.00
piglet@stirfried.vegetable.org.uk |Ideologies come, ideologies go
http://piglet.is.dreaming.org     |A waste of words, and endless flow

Reply to:

References:
- Re: rlinetd security
  - From: Jason Thomas <jason@topic.com.au>

Prev by Date: Re: gnupg problem
Next by Date: Re: rlinetd security
Previous by thread: Re: rlinetd security
Next by thread: Re: rlinetd security
Index(es):
- Date
- Thread