From owner-freebsd-hackers Wed Jun 19 11:39:04 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA08178 for hackers-outgoing; Wed, 19 Jun 1996 11:39:04 -0700 (PDT) Received: from filitov.isf.rl.af.mil (FILITOV.ISF.RL.AF.MIL [128.132.64.25]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA08170 for ; Wed, 19 Jun 1996 11:39:00 -0700 (PDT) Received: (from green@localhost) by filitov.isf.rl.af.mil (8.7.3/8.7.3) id OAA09463 for hackers@freebsd.org; Wed, 19 Jun 1996 14:37:38 -0400 (EDT) Resent-Message-Id: <199606191837.OAA09463@filitov.isf.rl.af.mil> Resent-From: green@filitov.isf.rl.af.mil (Charles Green) Resent-Date: Wed, 19 Jun 1996 14:37:37 +1000 X-Mailer: Mail User's Shell (7.2.4 2/2/92) Resent-To: hackers@freebsd.org Received: from brimstone.netspace.org ([128.148.157.143]) by filitov.isf.rl.af.mil (8.7.3/8.7.3) with ESMTP id XAA27905 for ; Tue, 18 Jun 1996 23:36:57 -0400 (EDT) Received: from netspace.org ([128.148.157.6]) by brimstone.netspace.org with ESMTP id <23765-75>; Tue, 18 Jun 1996 23:38:08 -0500 Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id XAA29825; Tue, 18 Jun 1996 23:37:07 -0400 Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8b) with spool id 22471 for BUGTRAQ@NETSPACE.ORG; Tue, 18 Jun 1996 23:24:53 +2000 Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id XAA28693 for ; Tue, 18 Jun 1996 23:22:28 -0400 Approved-By: ALEPH1@UNDERGROUND.ORG Received: from ice.fit.qut.edu.au (ice.fit.qut.edu.au [131.181.2.9]) by netspace.org (8.7/8.6.12) with ESMTP id TAA11967 for ; Tue, 18 Jun 1996 19:54:35 -0400 Received: from localhost (meilak@localhost) by ice.fit.qut.edu.au (8.7.5/8.7.3) with SMTP id JAA00470; Wed, 19 Jun 1996 09:54:29 +1000 (EST) X-Authentication-Warning: ice.fit.qut.edu.au: meilak owned process doing -bs MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Approved-By: Mr Brian Meilak Message-ID: Date: Wed, 19 Jun 1996 09:54:27 +1000 Reply-To: Mr Brian Meilak From: Mr Brian Meilak Subject: a shameless plug for RIIS X-To: firewalls@greatcircle.com To: Multiple recipients of list BUGTRAQ Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >From the README: Replacement Internal Inetd Services =================================== This small package contains replacement daemons for the 'trivial' services provided by the inetd(8) super server. These services are: echo RFC 862 discard RFC 863 chargen RFC 864 daytime RFC 867 time RFC 868 TCP and UDP versions are available. The benefit of these daemons is that you can replace the internal inetd(8) service daemons with ones that can then be wrappered by the tcp wrappers program(See Related Software). This can provide you with an early warning system against intruders probing these 'standard' ports while still providing these services to allowed hosts. It also helps you know what's going on on your network. To defend against looping attacks on the host or between hosts, the UDP versions have a command line parameter to specify the tests that will be made on the reply port to see if it is a possible loop. The offending connection, IP addresses and port numbers are logged via syslog(3). The following tests are available: Option Description ------ ----------- 0 No reply UDP port checking is done. All requests are accepted. 1 Reject if reply UDP port is an internal services port ie: echo/discard/time/daytime/chargen 2 Reject if reply UDP port < 1024 3 Reject if reply UDP port is known by getservbyport(). getservbyport() gets its information from the file /etc/services (and yellowpages/NIS if running). (Do a "man getservbyport" to find out where your system gets its port information) 4 Reject if reply UDP port < 1024 AND reply UDP port is known by getservbyport(). 5 Reject if reply UDP port < 1024 OR reply UDP port is known by getservbyport(). 6 Reject all requests and therefore log information about the connection. Distribution ============ The package can be found at: ftp://ftp.fit.qut.edu.au/pub/security/riis.tar ftp://ftp.fit.qut.edu.au/pub/security/riis.tar.gz regards brian ----- Brian Meilak E-Mail: B.Meilak@fit.qut.edu.au Senior Systems Programmer WEB : http://www.fit.qut.edu.au/staff/~brian Faculty of Information Technology _--_|\ Queensland University of Technology / QUT Box 2434, Brisbane 4001, AUSTRALIA \_.--._/ Room ITE616 Phone: +61 7 3864-2757 Fax: 3864-1959 v