Re: security risk of having a long list of services in inetd



Hi,

2008/8/30 Paul Dufresne <dufresnep@xxxxxxxxx>:
2008/8/30 Thomas Weinbrenner <thomas@xxxxxxxxxxxxxxxxxxxxx>:
> Well, it is more than just a name. man inetd says:

It's simply the information that says:

smtp is on port 25
ssh is on port ...
...

nothing more nothing less.

It depends on inetd (and only inetd) whether to use this information
and how to use this information. There are btw. different inetd
servers available I'm too lazy right now to check up for but at least
openbsd-inetd and xinetd should be there. I vaguely remember some
inetd that insisted on only accepting services being configured if
they were listed in /etc/services - the chance of my brain lying to me
right now isn't that unrealistic so you might want to check that.

If you insist on making your /etc/services file tell that "ssh is on
port 2022" that is totally up to you but I wouldn't recommend it,
afaik the listings in there are standardized port numbers.

hth
martin


--
http://www.xing.com/profile/Martin_Marcher

You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.
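
Added example, not part of the original message: a small audit that separates what /etc/services merely names from what inetd.conf actually enables. The function names and both sample files are constructed for illustration; it assumes the classic inetd.conf field order and an inetd that accepts a numeric port in the service field (as openbsd-inetd does).

```python
# Constructed sample data; not taken from any real host.
SERVICES = """\
# /etc/services (constructed excerpt)
ftp        21/tcp
ssh        22/tcp
smtp       25/tcp    mail
ident      113/tcp   auth tap
"""

INETD_CONF = """\
# /etc/inetd.conf (constructed excerpt)
#ftp    stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
ident   stream tcp wait   identd /usr/sbin/identd identd
2022    stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
bogus   stream tcp nowait root /bin/false false
"""

def parse_services(text):
    """Map (name_or_alias, proto) -> port from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:    # official name + aliases
            table[(name, proto)] = int(port)
    return table

def inetd_listeners(conf_text, services):
    """Return (listeners, unresolved) for the uncommented inetd.conf entries."""
    listeners, unresolved = [], []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6:                      # blank, comment or malformed
            continue
        name, proto, program = fields[0], fields[2], fields[5]
        if name.isdigit():                       # assumption: numeric port allowed
            listeners.append((int(name), proto, program))
        elif (name, proto) in services:
            listeners.append((services[(name, proto)], proto, program))
        else:
            unresolved.append(name)              # name not in /etc/services
    return sorted(listeners), unresolved

if __name__ == "__main__":
    table = parse_services(SERVICES)
    print(len(table), "names known;", inetd_listeners(INETD_CONF, table))
```

Only the uncommented inetd.conf lines produce listeners; the other names in /etc/services stay lookup entries with nothing bound to their ports.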

