Re: xinetd /etc/host.deny ALL:PARANOID
On Thu, Jan 10, 2002 at 03:41:37PM +0100, Davi Leal wrote:
> Is It safe to delete the ALL:PARANOID line in /etc/hosts.deny to avoid the
> below messages in /var/log/syslog?
>
> Jan 22 12:13:46 excalibur xinetd[254]: warning: /etc/hosts.deny, line 15:
> can't verify hostname: gethostbyname(geicamdsl.easynet.es) failed
> Jan 22 12:13:46 excalibur xinetd[254]: refused connect from 213.139.10.34
> --------------------
> /etc/hosts.deny
>
> # The PARANOID wildcard matches any host whose name does not match its
> # address.
> ALL: PARANOID
Why would you want to remove your first line of defence? Do you want the
whole world to have access to the box in question?
If a host does not match its IP, your system SHOULD deny it access.
> --------------------
> /etc/hosts.allow
>
> sendmail: all
> in.qpopper: all
I would modify that "all" to the IP range which you use:
in.qpopper: xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
I'm not an ISP or even a tech person so maybe someone else can get in on
this and elaborate.
Sam
--
(Sam Varghese)
http://www.gnubies.com
Software industry: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems.
Reply to: