Date: Fri, 26 Mar 1999 11:29:52 -0600
From: Jeff Marker <marker@trolldom.oss.uswest.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: xinetd vs. tcp_wrappers
Message-ID: <19990326173014.D56941558B@hub.freebsd.org>
In-Reply-To: Your message of "Sat, 27 Mar 1999 04:18:24 +1200." <199903261618.EAA16015@aniwa.sky>

On Sat, 27 Mar 1999 04:18:24 +1200 andrew@squiz.co.nz wrote:
>
>marker@trolldom.oss.uswest.net said:
>> My understanding is that xinetd is meant to be a complete replacement
>> for the inetd/tcp_wrappers bundle. As such, it is expected to have
>> the functionality of both. I have, however, been unable to get xinetd
>> to
>>
>> 1) send me mail when someone touches my machines in a
>> way i've not said is ok,
>
>Supposing someone is sniffing your network, and you are reading your
>mail from another machine, does this mail give away any otherwise
>unknown information about the configuration of the machine?

It does give away some unknowns, because the person sniffing then
knows that the machine in question has some sort of defense. The mail
that i get looks something like this (stripping out most of the
headers):

    From: somename@example.com
    To: admin@example.com
    Subject: service-probing-host.example.org
    [probing-host@example.org]
    (finger info from said host)

The headers will contain the address of the machine which generated
the mail in a "Received" line. Otherwise, the information that is sent
is the info for the host which is doing the probing.

Theoretically, the person doing the sniffing could be doing the probing
as well, which would give her/him an idea of which services i have
wrapped.

I feel that this information i may be leaking via the mail is a fair
trade-off for the early notification i receive of a potential attack
(the mail i get also goes to my pager). Others may (will) feel
differently.

Jeff

P.S. I'd like to apologize to Sheldon and the list for giving general
responses on a FreeBSD-centric list. Sheldon: the incorporation of
tcp_wrappers into the base system is going to save me a whole boatload
of time in the future.

#include <stddisclaim.h> /* i speak only for myself, not my employer */
--
Jeff Marker US West Internet Services Operations
Security Guy 600 Stinson Blvd.
marker@uswest.net Minneapolis, MN 55413-2620
"Nowhere is the meaning of life so evident as in the floating disk."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
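
Added example, not part of the original message: a short Python check that reads one alert mail of the shape quoted above, as it would cross the network in clear text, and lists what an on-path reader learns from it. The sample message, the host names, the address and the in.fingerd service name are constructed, and the Subject layout (service, hyphen, probing host) is an assumption taken from the quoted sample.

```python
# Added example: what a passive observer can read from one alert mail.
# The message is constructed; its Subject follows the <service>-<host>
# shape of the sample in the post (e.g. from a rule using mail -s %d-%h).
from email import message_from_string
import re

CONSTRUCTED_ALERT = """\
Received: from wrapped-host.example.com (wrapped-host.example.com [192.0.2.10])
\tby mail.example.com; Fri, 26 Mar 1999 11:00:00 -0600
From: somename@example.com
To: admin@example.com
Subject: in.fingerd-probing-host.example.org

[probing-host.example.org]
(finger info from said host)
"""


def sniffer_view(raw):
    """Return the facts an on-path reader can take from the alert mail."""
    msg = message_from_string(raw)
    # Assumption: the service name carries no hyphen while host names
    # often do, so only the first hyphen separates the two fields.
    service, _, prober = msg.get("Subject", "").partition("-")
    # Each relay adds a Received line; its "from" host is the machine
    # that generated or forwarded the alert.
    origins = []
    for line in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", line)
        if m:
            origins.append(m.group(1))
    return {
        "defended_hosts": origins,          # these hosts run some defense
        "wrapped_service": service or None,  # this service is wrapped
        "probing_host": prober or None,      # who triggered the alert
        "alert_recipient": msg.get("To"),    # where alerts are read
    }


if __name__ == "__main__":
    for field, value in sniffer_view(CONSTRUCTED_ALERT).items():
        print(f"{field}: {value}")
```

Running the same function over a real alert from your own setup shows which of these fields you would be sending in the clear.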
