
RE: Hosts.all/Hosts.deny vs. a firewall?



Andrew,

I also have proftpd running, but it was _not_ called from inetd.conf.  I added the line as you suggested.  I also confirmed I have TCP Wrappers installed.  After that I nmap'd myself and I see several listings that are not in inetd.conf.  Where can I turn these off?

111/tcp	open	Sunrpc
113/tcp	open	auth  <--- need that one?
515/tcp	open	printer
6000/tcp	open	X11

Additionally, I noticed that smtp is not called the way ftp is, with /usr/sbin/tcpd first; it's just called as /usr/sbin/exim.  Does this mean that hosts.deny would not protect that port?  (getting a little confused here)

Bill

----- Forwarded message from Pollywog <pollywog@shadypond.com> -----

Envelope-to: jensenb@localhost
Date: Sun, 27 Aug 2000 01:58:25 +0000 (UTC)
From: Pollywog <pollywog@shadypond.com>
Subject: RE: Hosts.all/Hosts.deny vs. a firewall?
In-reply-to: <20000826204727.A16612@charter.net>
To: William Jensen <jensenb@charter.net>
Reply-to: Pollywog <pollywog@shadypond.com>
Organization: The Pond
X-Mailer: XFMail 1.4.6 on Linux
X-Priority: 3 (Normal)


On 27-Aug-2000 William Jensen wrote:
> So far I have the following setup:
> 
> hosts.deny:
> 
> ALL:ALL
> 
> hosts.allow:
> 
> ALL: my_work.domain
> 
> My intention is to prevent everyone from the 'outside' from reaching my box.
> I do realize that anyone in my_work.domain would also be able to get at it.
> 
> It is my understanding that this will prevent anyone not in my_work.domain
> from getting to my box with telnet, ftp, etc.  Is this correct?  Is this
> secure?  If this is indeed correct could someone tell me why I would
> need/want a firewall and/or what benefit it would provide me over what I
> already have setup?  More specifically how does a firewall differ from using
> the hosts.allow/hosts.deny files as I described above.

/etc/hosts.deny will only prevent access to FTP, telnetd, etc., if you are using
TCP Wrappers:

First make sure you have tcpd installed; it is TCP Wrappers.
Make sure your ftpd is called from /etc/inetd.conf something like this:

ftp             stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/proftpd

That should all be on one line in /etc/inetd.conf.  I am using proftpd, but if
you are using some other ftp daemon, such as in.telnetd, then put "in.telnetd"
where I have "proftpd".

Any services that do not run from inetd must be protected by a firewall or
turned off.

BTW if you are using apt-get, you can install tcpd with 'apt-get install tcpd'


--
Andrew

----- End forwarded message -----
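The two questions in this thread (which inetd services actually pass through tcpd, and what a given hosts.allow/hosts.deny pair decides for a given daemon and client) can both be checked mechanically. The script below is an added example, not code from either poster: it reads a constructed inetd.conf modelled on the lines above (ftp and telnet wrapped by tcpd, smtp started directly as exim) and flags every entry whose server program is not tcpd, since those entries never consult hosts.allow/hosts.deny at all; it then emulates the tcpd evaluation order from hosts_access(5) for the simple rule forms used in the thread (ALL, an exact name, a leading-dot domain suffix). The rule strings, hostnames and the `.my_work.domain` suffix are assumptions for illustration. Note that tcpd matches the daemon by its process name (e.g. `proftpd`), not by the inetd service name, so that is what the decision function takes as its first argument.

```shell
#!/bin/sh
# Added example, not code from the thread: (1) report which inetd.conf
# services go through tcpd and so honour hosts.allow/hosts.deny, and
# (2) a minimal emulation of the tcpd allow/deny decision for simple rules.

# Constructed sample inetd.conf, modelled on the lines discussed in the
# thread (ftp and telnet wrapped by tcpd, smtp started directly as exim).
SAMPLE_INETD='ftp     stream  tcp  nowait  root  /usr/sbin/tcpd   /usr/sbin/proftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd   /usr/sbin/in.telnetd
smtp    stream  tcp  nowait  mail  /usr/sbin/exim   exim -bs
#finger stream  tcp  nowait  nobody /usr/sbin/tcpd  /usr/sbin/in.fingerd
'

# Print one line per active inetd.conf entry: "wrapped <svc> (<daemon>)"
# when field 6 (the server program) is tcpd, "UNWRAPPED <svc> (<program>)"
# otherwise. Comment and blank lines are skipped.
inetd_wrap_report() {
    printf '%s' "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        $6 ~ /(^|\/)tcpd$/ { print "wrapped " $1 " (" $7 ")"; next }
        { print "UNWRAPPED " $1 " (" $6 ")" }'
}

# Constructed hosts.allow / hosts.deny contents (assumed, not from the
# thread). The leading dot is deliberate: per hosts_access(5) a pattern
# starting with "." matches every hostname ending in it, while
# "my_work.domain" without the dot only matches that exact hostname.
ALLOW_RULES='ALL: .my_work.domain'
DENY_RULES='ALL: ALL'

# Does the comma-separated pattern list $1 match value $2?
# Supports ALL, exact names and leading-dot domain suffixes only; real
# tcpd also handles addresses, netmasks, EXCEPT and KNOWN/UNKNOWN.
_list_matches() {
    old_ifs=$IFS; IFS=','
    for pat in $1; do
        pat=$(printf '%s' "$pat" | tr -d ' \t')
        case "$pat" in
            ALL) IFS=$old_ifs; return 0 ;;
            .*)  case "$2" in *"$pat") IFS=$old_ifs; return 0 ;; esac ;;
            *)   [ "$pat" = "$2" ] && { IFS=$old_ifs; return 0; } ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Does any "daemon_list : client_list" line in rules $1 match daemon $2
# and client $3? Lines with a third shell_command field are not handled.
_rules_match() {
    found=1
    while IFS= read -r line; do
        case "$line" in ''|\#*) continue ;; esac
        dlist=${line%%:*}
        clist=${line#*:}
        if _list_matches "$dlist" "$2" && _list_matches "$clist" "$3"; then
            found=0; break
        fi
    done <<EOF
$1
EOF
    return $found
}

# tcpd order of evaluation: a hosts.allow match grants, else a hosts.deny
# match refuses, else access is granted. $1 daemon process name, $2 client
# hostname, $3 hosts.allow text, $4 hosts.deny text. Prints allow or deny.
tcpd_decision() {
    if _rules_match "$3" "$1" "$2"; then echo allow
    elif _rules_match "$4" "$1" "$2"; then echo deny
    else echo allow
    fi
}

inetd_wrap_report "$SAMPLE_INETD"
echo "proftpd from host1.my_work.domain:  $(tcpd_decision proftpd host1.my_work.domain "$ALLOW_RULES" "$DENY_RULES")"
echo "proftpd from attacker.example.net:  $(tcpd_decision proftpd attacker.example.net "$ALLOW_RULES" "$DENY_RULES")"
echo "proftpd with no rules at all:       $(tcpd_decision proftpd attacker.example.net '' '')"
```

The last demo line is the caveat worth remembering: with both files empty, tcpd grants access, so an "ALL: ALL" in hosts.deny is what turns the wrappers into a default-deny, and it still only covers the entries the report prints as "wrapped". Anything listening without tcpd in front of it (the smtp entry here, or a standalone daemon not in inetd.conf at all) needs a packet filter or has to be switched off.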
