From owner-freebsd-security  Tue Nov 27 10:47:50 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97])
	by hub.freebsd.org (Postfix) with ESMTP id A4B6037B417
	for <security@FreeBSD.ORG>; Tue, 27 Nov 2001 10:47:43 -0800 (PST)
Received: from ruby.ccmr.cornell.edu (IDENT:0@ruby.ccmr.cornell.edu [128.84.231.115])
	by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id NAA16594;
	Tue, 27 Nov 2001 13:48:53 -0500
Received: from localhost (mitch@localhost)
	by ruby.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id NAA31481;
	Tue, 27 Nov 2001 13:47:42 -0500
X-Authentication-Warning: ruby.ccmr.cornell.edu: mitch owned process doing -bs
Date: Tue, 27 Nov 2001 13:47:42 -0500 (EST)
From: Mitch Collinsworth <mitch@ccmr.cornell.edu>
To: Adam Laurie <adam@algroup.co.uk>
Cc: Tom Beer <mailings@analogon.com>, security@FreeBSD.ORG
Subject: Re: Amanda - inetd
In-Reply-To: <3C03D8EF.58AF9BF9@algroup.co.uk>
Message-ID: <Pine.LNX.4.10.10111271344530.988-100000@ruby.ccmr.cornell.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Tue, 27 Nov 2001, Adam Laurie wrote:

> Tom Beer wrote:
> > 
> > I'm planning to install amanda (remote backup
> > solution) on a freebsd box as a client. Unfourtunately
> > amanda needs inetd, which I don't want to start
> > for security reasons. Even not tcpwarrped.
> > Is there a way to bring my ppp dialup connection
> > down, start inetd, start amanda, ending inetd after
> > the backup and starting my ppp connection
> > again? Or is there a better solution?
> 
> use xinetd and bind amanda's service only to loopback. oh, and make sure
> your loopback is protected against remote routing. ipfw in "open" mode
> will do this if you're not already running a firewall anyway.

He said amanda client.  This means an amanda server will come
calling to initiate the client's backups.  This means the amanda
port on the client needs to be accessible to the amanda server.
Your solution is not 'better', it's 'nonsense'.

-Mitch


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message