Re: xinetd and hosts.allow

From: Aaron Konstam (akonstam_at_trinity.edu)
Date: 04/18/04

    Date: Sat, 17 Apr 2004 18:35:01 -0500
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Sat, Apr 17, 2004 at 11:35:50AM -0400, Jay Daniels wrote:
    > I cannot get xinetd and tcp wrappers hosts.allow and hosts.deny to work.
    >
    > /etc/hosts.allow
    > #
    > # hosts.allow This file describes the names of the hosts which are
    > # allowed to use the local INET services, as decided
    > # by the '/usr/sbin/tcpd' server.
    > #
    >
    >
    > ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org, my_static_ip_here
    >
    The LOCAL should not be there.

    > # allow ssh connection from dialup@myisp disabled until resolved.
    > #sshd: 209.164.234.0/255.255.255.0
    >
    > /etc/hosts.deny
    > ALL: ALL
    >
    >
    > I have tried several combinations in hosts.allow and restarted xinetd,
    > but when I have the above lines uncommented I cannot send any mail via
    > smtp port 25 from localhost!
    >
    > Any ideas?
    >
    > This may all be redundant since the firewall is supposed to block
    > specified connections to these ports, but I was thinking tcp wrappers
    > would add to the security?
    >
    > Also, I am still unclear how to edit /etc/hosts and my hosts file may
    > have something to do with it.
    >
    > $ cat /etc/hosts
    > # Do not remove the following line, or various programs
    > # that require network functionality will fail.
    > 127.0.0.1 localhost.localdomain localhost
    > 192.168.2.1 darkforce.darktech.org darkforce #me
    > 192.168.2.12 darkstar.darktech.org darkstar #my laptop
    > 64.246.60.114 cobra.python-hosting.com cobra #my hosting
    >
    > Should I have my gateway ip address in place of the 192.164.2.1? How
    > does tcp wrappers distinguish between eth0 and eth1?
    >
    > Note that I can leave hosts.allow and hosts.deny blank and all is
    > well, I can send mail from localhost, etc.
    >
    > Is this even necessary if my firewall is working properly by allowing
    > connections from my local net and blocking certain connections from my
    > inet interface?
    >
    >
    >
    > jay
    >
    >
    > --
    > fedora-list mailing list
    > fedora-list@redhat.com
    > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

    -- 
    -------------------------------------------
    Aaron Konstam
    Computer Science
    Trinity University
    One Trinity Place.
    San Antonio, TX 78212-7200
    telephone: (210)-999-7484
    email:akonstam@trinity.edu
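
An added example, not part of the original message: a simplified Python model of the hosts_access(5) matching rules, run against the files quoted above to show which client names and addresses the posted hosts.allow admits. It assumes the client name is the first name on the matching /etc/hosts line, uses a hypothetical daemon name `mta`, and leaves out the `my_static_ip_here` placeholder.

```python
import ipaddress

# Constructed from the files quoted in the message (my_static_ip_here left out).
HOSTS_ALLOW = """\
ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org
#sshd: 209.164.234.0/255.255.255.0
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Yield (daemons, clients) for each rule line, skipping comments and blanks."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            daemons, clients = line.split(":")[:2]
            yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def pattern_matches(pattern, name, addr):
    """Simplified hosts_access(5) client pattern: no EXCEPT, no user@host."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":  # host *name* without a dot character
        return bool(name) and "." not in name
    if "/" in pattern:      # net/mask, e.g. 192.168.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.startswith("."):  # domain suffix, e.g. .darktech.org
        return name.lower().endswith(pattern.lower())
    return pattern.lower() == name.lower() or pattern == addr

def file_matches(text, daemon, name, addr):
    """True if any rule in the file matches both the daemon and the client."""
    return any(("ALL" in daemons or daemon in daemons)
               and any(pattern_matches(p, name, addr) for p in clients)
               for daemons, clients in parse(text))

def check_access(daemon, name, addr):
    """hosts.allow is consulted first, then hosts.deny; no match at all allows."""
    if file_matches(HOSTS_ALLOW, daemon, name, addr):
        return "allow"
    if file_matches(HOSTS_DENY, daemon, name, addr):
        return "deny"
    return "allow"

if __name__ == "__main__":
    # "mta" is a hypothetical daemon name; the rules above use ALL, so it is not decisive.
    for name, addr in [("localhost.localdomain", "127.0.0.1"),
                       ("localhost", "127.0.0.1"),
                       ("darkstar.darktech.org", "192.168.2.12")]:
        print(f"{name:24} {addr:14} -> {check_access('mta', name, addr)}")
```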
