
Re: /etc/hosts.deny



On Mon, 9 Apr 2001, Waldemar Brodkorb wrote:

> I think this is interesting for you, too:
> 6.1 - Known wrapper limitations
> -------------------------------
> 
> Many UDP (and rpc/udp) daemons linger around for a while after they
> have serviced a request, just in case another request comes in.  In the
> inetd configuration file these daemons are registered with the `wait'
> option. Only the request that started such a daemon will be seen by the
> wrappers.  Such daemons are better protected with the securelib shared
> library (see: Related software).
> 
> The wrappers do not work with RPC services over TCP. These services are
> registered as rpc/tcp in the inetd configuration file. The only non-
> trivial service that is affected by this limitation is rexd, which is
> used by the on(1) command. This is no great loss.  On most systems,
> rexd is less secure than a wildcard in /etc/hosts.equiv.
> 
> /usr/share/doc/libwrap0/README.gz

It may also interest you to set up ipchains to do packet filtering. This
will protect you at the interface level for all IP traffic, not just TCP.
Combined with TCP wrappers, this is fairly safe.

-B

-- 
Brandon High                                     armitage@freaks.com
Love is like a roller coaster. When it's good you don't want to get off,
and when it isn't, you can't wait to throw up.
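An added example, not part of the original messages: a small audit of inetd.conf entries against the two wrapper limitations quoted from the README above (udp and rpc/udp daemons registered with `wait`, and rpc/tcp services). The sample configuration is constructed, and the function names and verdict labels are hypothetical.

```python
import os

# Constructed sample in the classic inetd.conf layout:
# service  socket-type  protocol  wait/nowait  user  server  args
SAMPLE_INETD_CONF = """\
# service  type   proto    flags   user   server                args
ftp        stream tcp      nowait  root   /usr/sbin/tcpd        in.ftpd
talk       dgram  udp      wait    root   /usr/sbin/tcpd        in.talkd
rstatd/1-3 dgram  rpc/udp  wait    root   /usr/sbin/tcpd        rpc.rstatd
rexd/1     stream rpc/tcp  wait    root   /usr/sbin/rpc.rexd    rpc.rexd
finger     stream tcp      nowait  nobody /usr/sbin/in.fingerd  in.fingerd
"""

def classify(line):
    """Return (service, verdict) for one inetd.conf line, or None."""
    fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
    if len(fields) < 6:
        return None                          # blank, comment or malformed
    service, _sock, proto, flags, _user, server = fields[:6]
    wait = flags.split(".")[0] == "wait"     # tolerate "nowait.400" style limits
    wrapped = os.path.basename(server) == "tcpd"
    if proto == "rpc/tcp":
        # README: the wrappers do not work with RPC services over TCP.
        return service, "wrappers-unsupported"
    if not wrapped:
        # Entry does not start tcpd; the daemon may still link libwrap itself.
        return service, "not-wrapped"
    if wait and proto in ("udp", "rpc/udp"):
        # README: only the request that started the daemon is seen.
        return service, "first-request-only"
    return service, "wrapped"

def audit(text):
    """Classify every service entry in an inetd.conf-style string."""
    results = (classify(line) for line in text.splitlines())
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for service, verdict in audit(SAMPLE_INETD_CONF):
        print(f"{service:12} {verdict}")
```

Entries reported as `first-request-only` or `wrappers-unsupported` are the ones where hosts.allow and hosts.deny rules cannot be relied on, so they are the candidates for the packet filtering suggested in the reply.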


