From owner-freebsd-security  Thu Dec 24 09:18:33 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA24202
          for freebsd-security-outgoing; Thu, 24 Dec 1998 09:18:33 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA24197
          for <freebsd-security@FreeBSD.ORG>; Thu, 24 Dec 1998 09:18:32 -0800 (PST)
          (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.1/8.9.1) id JAA27944;
	Thu, 24 Dec 1998 09:18:20 -0800 (PST)
	(envelope-from dillon)
Date: Thu, 24 Dec 1998 09:18:20 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199812241718.JAA27944@apollo.backplane.com>
To: "Joseph T. Lee" <nugundam@la.best.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:On Thu, Dec 24, 1998 at 12:13:09AM -0500, Barrett Richardson wrote:
:> I have all my necessary network services running as daemons. In the
:> face of recent discoveries of problems caused for inetd by nmap
:> and various things I've come to the conclusion that I really don't
:> need inetd -- another variable I can eliminated from the mix.
:
:inetd centralizes the daemon management, besides providing some
:protection such as sandboxing said daemons instead of letting them all
:run as root as needed.
:
:In relation to the nmap thing, you can limit the number of daemon
:children/max connections per minute per IP through, to discourage DoS
:attacks.

    Many months ago I added a max-connections and max-rate capability to
    inetd.  The parameters can be specified globally or on a per-service
    basis.   'man inetd' for details.

					-Matt

:-- 
:Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
:#        Anime Expo 1998        >> www.anime-expo.org/                      >
:#         Redline Games         >> www.redlinegames.com/                    >
:#      Cal-Animage Epsilon      >> www.best.com/~nugundam/epsilon/          >
:# EX: The Online World of Anime & Manga >> www.ex.org/                     /
:
:To Unsubscribe: send mail to majordomo@FreeBSD.org
:with "unsubscribe freebsd-security" in the body of the message
:

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet 
                    Communications & God knows what else.
    <dillon@backplane.com> (Please include original email in any response)    

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message