Date: Thu, 25 Mar 1999 14:40:13 -0600 From: Jeff Marker <marker@trolldom.oss.uswest.net> To: freebsd-security@freebsd.org Subject: Re: xinetd vs. tcp_wrappers Message-ID: <19990325204041.951BF15371@hub.freebsd.org> In-Reply-To: Your message of "Thu, 25 Mar 1999 15:02:19 EST." <4.1.19990325145000.00b63100@mason.gmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 25 Mar 1999 15:02:19 -0500 egault@gmu.edu wrote: >I found plenty of information on tcp_wrappers and one Web site with >information on xinetd (http://xinetd.synack.net) but what I couldn't >find (and what I'm most interested in) was opinions from >knowledgeable folks about what the "best" way to replace or deal with >inetd is. Anybody have strong feelings about this? I'm sure that a lot of people have strong feelings about it. :) I don't, really. Will that invalidate my response? >I sense tcp_wrappers is in widespread use but I couldn't get a feel >for how widespread use of xinetd is. What do most security savvy >system administrators use? I'd have to guess that "most" use tcp_wrappers, because it's been around for a good while. I use both, but not together (there's a patch to xinetd that allows tcp_wrappers to be used, but i've not installed it.) My understanding is that xinetd is meant to be a complete replacement for the inetd/tcp_wrappers bunndle. As such, it is expected to have the functionality of both. I have, however, been unable to get xinetd to 1) send me mail when someone touches my machines in a way i've not said is ok, 2) do the "twisting" of the connection to a different service/host. However, i've not spent a whole lot of time at it, either. Xinetd is nice because it can limit the number of instances of a specific service. I think that i favor tcp_wrappers a little, but not enough to take sides in a holy war, or even enough to really press for it. Hope i've made some sense. Jeff #include <stddisclaim.h> /* i speak for myself, not my company */ -- Jeff Marker US West Internet Services Operations Former UNIX Guy 600 Stinson Blvd. marker@uswest.net Minneapolis, MN 55413-2620 "I claim only to be accurate, not right." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990325204041.951BF15371>