Re: Listening Ports
On Mon, Sep 10, 2001 at 02:14:56PM +0200, Bernhard R. Link wrote:
> On Mon, 10 Sep 2001, Alexander Reelsen wrote:
> > First binding then firewalling is a bad idea, someone might be able to
> > access that service via spoofing or other dirty tricks...
> I do not know very much in this area, but I was under the impression that
> firewalling might be more secure than giving an IP, as you can only specify
> the IP, and not the network interface the connection comes from.

Well, I consider listening on a certain IP quite secure, because you
mostly know what IP is bound to what interface. If you want to do extra
firewalling per-interface then you need something other than inetd.

Both are useful; what I meant was the fact that starting unnecessary
services per-IP (per-interface as well ;)) and firewalling those
afterwards is not as secure as not starting them at all.

Alexander Reelsen http://joker.rhwd.de
firstname.lastname@example.org GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
email@example.com 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
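
An added example, not part of the original message: one way to audit which address each listening TCP service is bound to, so that wildcard listeners relying only on the firewall stand out. It assumes the Linux `/proc/net/tcp` layout on a little-endian host and IPv4 only; the sample table and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a socket in LISTEN state


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port)."""
    hex_addr, hex_port = field.split(":")
    # The kernel prints the address as a host-endian 32-bit word;
    # little-endian (x86) is assumed here.
    packed = struct.pack("<I", int(hex_addr, 16))
    return ipaddress.IPv4Address(packed), int(hex_port, 16)


def classify(addr):
    if addr.is_unspecified:
        return "all-interfaces"  # 0.0.0.0: reachable on every address the host has
    if addr.is_loopback:
        return "loopback-only"
    return "single-address"


def listening_sockets(proc_text):
    """Return [(address, port, scope)] for sockets in LISTEN state."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established connections and other states are not listeners
        addr, port = decode_endpoint(cols[1])
        found.append((str(addr), port, classify(addr)))
    return found


def wildcard_listeners(proc_text):
    """Listeners whose exposure is limited only by the packet filter."""
    return [(a, p) for a, p, scope in listening_sockets(proc_text)
            if scope == "all-interfaces"]


if __name__ == "__main__":
    for addr, port, scope in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{addr}:{port:<5} {scope}")
```

On a real host, pass the contents of `/proc/net/tcp` instead of the sample; anything reported as `all-interfaces` is either a service to rebind to one address or one to stop entirely.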