Date:      Thu, 25 Mar 1999 14:40:13 -0600
From:      Jeff Marker <marker@trolldom.oss.uswest.net>
To:        freebsd-security@freebsd.org
Subject:   Re: xinetd vs. tcp_wrappers 
Message-ID:  <19990325204041.951BF15371@hub.freebsd.org>
In-Reply-To: Your message of "Thu, 25 Mar 1999 15:02:19 EST." <4.1.19990325145000.00b63100@mason.gmu.edu> 

On Thu, 25 Mar 1999 15:02:19 -0500  egault@gmu.edu wrote:
>I found plenty of information on tcp_wrappers and one Web site with 
>information on xinetd (http://xinetd.synack.net) but what I couldn't
>find (and what I'm most interested in) was opinions from
>knowledgeable folks about what the "best" way to replace or deal with
>inetd is.  Anybody have strong feelings about this?  

I'm sure that a lot of people have strong feelings about it. :) I
don't, really. Will that invalidate my response?

>I sense tcp_wrappers is in widespread use but I couldn't get a feel
>for how widespread use of xinetd is.  What do most security savvy
>system administrators use?

I'd have to guess that "most" use tcp_wrappers, because it's been
around for a good while. I use both, but not together (there's a patch
to xinetd that allows tcp_wrappers to be used, but I've not installed
it.)

My understanding is that xinetd is meant to be a complete replacement
for the inetd/tcp_wrappers bundle. As such, it is expected to have
the functionality of both. I have, however, been unable to get xinetd
to

	1) send me mail when someone touches my machines in a
	   way I've not said is ok,
	2) do the "twisting" of the connection to a different
	   service/host.

However, I've not spent a whole lot of time at it, either.

Xinetd is nice because it can limit the number of instances of a
specific service.

I think that I favor tcp_wrappers a little, but not enough to take
sides in a holy war, or even enough to really press for it.


Hope I've made some sense.


Jeff

#include <stddisclaim.h>  /* i speak for myself, not my company */
-- 
   Jeff Marker                      US West Internet Services Operations
   Former UNIX Guy                  600 Stinson Blvd.
   marker@uswest.net                Minneapolis, MN  55413-2620
                   "I claim only to be accurate, not right."

