From owner-freebsd-isp Fri Jan 17 18:45:27 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4)
        id SAA16638 for isp-outgoing; Fri, 17 Jan 1997 18:45:27 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
        by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id SAA16626
        for ; Fri, 17 Jan 1997 18:45:16 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3)
        id NAA06572; Sat, 18 Jan 1997 13:59:15 +1100 (EST)
Date: Sat, 18 Jan 1997 13:59:14 +1100 (EST)
From: "Daniel O'Callaghan"
To: Christian Hochhold
cc: freebsd-isp@freebsd.org
Subject: Re: tcp_wrappers
In-Reply-To: <199701180109.VAA06835@eternal.dusk.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 17 Jan 1997, Christian Hochhold wrote:

> I have tcp wrappers running on my shell machine, with twist
> so it displays a nice message to any individual trying to
> connect who is not in the hosts.allow file.
> I've just found that hosts.allow doesn't like wildcards, as
> one of my clients is part of another major ISP, and instead
> of at least being able to just allow access to the pop where
> he dials into, I now have to allow ALL the ISP's POP's to
> connect.
> Obviously this is a risk, in order to allow one person to
> telnet in, I have to allow the whole nation to telnet in
> as well.

tcpd is only a first line defence, and not a complete defence. I would
recommend installing sshd, and getting your client to use an ssh client.
There is one for Windows, although it costs US$100. See www.datafellows.com.

Alternatively, impose one-time passwords.

Danny
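
The following is an added example, not part of the original message or of tcp_wrappers itself. It models a simplified subset of the client patterns documented in hosts_access(5) (ALL, leading-dot host name suffix, trailing-dot address prefix, net/mask, exact match) to compare a rule covering a whole ISP with one limited to a single POP. The daemon name `telnetd`, the `isp.example` names and the addresses are constructed assumptions, and anything that matches no rule is assumed to be refused.

```python
import ipaddress

def client_matches(pattern, host, addr):
    """Simplified subset of hosts_access(5) client pattern matching."""
    p, host = pattern.lower(), host.lower()
    if p == "all":
        return True
    if p.startswith("."):        # host name suffix, e.g. .pop1.isp.example
        return len(host) > len(p) and host.endswith(p)
    if p.endswith("."):          # address prefix, e.g. 192.0.2.
        return addr.startswith(p)
    if "/" in p:                 # net/mask, e.g. 192.0.2.0/255.255.255.0
        net, mask = p.split("/", 1)
        m = int(ipaddress.IPv4Address(mask))
        return int(ipaddress.IPv4Address(addr)) & m == int(ipaddress.IPv4Address(net))
    return p in (host, addr)     # exact host name or address

def allowed(rules, daemon, host, addr):
    """True if any (daemons, clients) rule matches.
    Assumption: clients that match no rule are refused (e.g. by a twist rule)."""
    for daemons, clients in rules:
        if daemon in daemons or "ALL" in daemons:
            if any(client_matches(c, host, addr) for c in clients):
                return True
    return False

# Constructed rule sets: the whole ISP versus one POP's sub-domain and address block.
BROAD = [(["telnetd"], [".isp.example"])]
NARROW = [(["telnetd"], [".pop1.isp.example", "192.0.2."])]

# Constructed clients: (reverse-resolved host name, source address).
CLIENTS = [
    ("dial12.pop1.isp.example", "192.0.2.44"),    # the customer's own POP
    ("dial03.pop9.isp.example", "198.51.100.7"),  # another POP of the same ISP
    ("host.other.example", "203.0.113.9"),        # unrelated network
]

def compare():
    """Return [(host, allowed_by_broad, allowed_by_narrow), ...]."""
    return [(h, allowed(BROAD, "telnetd", h, a), allowed(NARROW, "telnetd", h, a))
            for h, a in CLIENTS]

if __name__ == "__main__":
    for host, broad, narrow in compare():
        print(f"{host:26} broad={broad!s:5} narrow={narrow}")
```

Host name patterns depend on the reverse DNS name of the connecting address, so the address-based forms are the stricter of the two when the POP's address range is known.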