Date: Tue, 23 Jan 96 09:12:45 -0800
From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
To: Mark Murray <mark@grondar.za>
Cc: Nathan Lawson <nlawson@statler.csc.calpoly.edu>, security@FreeBSD.ORG
Subject: Re: Ownership of files/tcp_wrappers port
Message-ID: <199601231712.JAA08922@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Tue, 23 Jan 96 08:27:30 +0200." <199601230627.IAA25371@grumble.grondar.za>

Mark Murray <mark@grondar.za> wrote:
> Nathan Lawson wrote:
> > Secondly, I was wondering why the tcp_wrappers distribution didn't make it
> > into the source tree instead of being a port. It's a pretty small program
> > that hasn't received too many changes recently. It's very worthwhile and
> > libwrap.a can be linked into portmap and ypserv a lot more easily (even
> > making this the default, perhaps).
>
> I think this is a damn fine idea. Seconded. Any ISP who does not have
> wrappers, and any user who does not consider their use when connecting
> to the 'net has a serious problem.

TCP/Wrapper only partially addresses the problem since it only protects TCP
services run out of INETD. Many attackers go through Sendmail, while others
probe portmapper.

The IP firewall code is already there in the kernel. It doesn't really take
much to configure it, even for services that pick random port numbers such as
NFS and YP. For example, any time I dial into work or my friend's ISP service
I automatically activate the IPFW code in the kernel to protect any services
not covered by the TCP/Wrapper.

Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
BC Systems Corp.            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

"Quit spooling around, JES do it."