Date:      Fri, 26 Mar 1999 11:29:52 -0600
From:      Jeff Marker <marker@trolldom.oss.uswest.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: xinetd vs. tcp_wrappers 
Message-ID:  <19990326173014.D56941558B@hub.freebsd.org>
In-Reply-To: Your message of "Sat, 27 Mar 1999 04:18:24 +1200." <199903261618.EAA16015@aniwa.sky>

On Sat, 27 Mar 1999 04:18:24 +1200  andrew@squiz.co.nz wrote:
>
>marker@trolldom.oss.uswest.net said:
>> My understanding is that xinetd is meant to be a complete replacement
>> for the inetd/tcp_wrappers bundle. As such, it is expected to have
>> the functionality of both. I have, however, been unable to get xinetd
>> to
>> 
>> 	1) send me mail when someone touches my machines in a
>> 	   way i've not said is ok,
>
>Supposing someone is sniffing your network, and you are reading your
>mail from another machine, does this mail give away any otherwise
>unknown information about the configuration of the machine?

It does give away some unknowns, because the person sniffing then
knows that the machine in question has some sort of defense. The mail
that i get looks something like this (stripping out most of the
headers):

	From: somename@example.com
	To: admin@example.com
	Subject: service-probing-host.example.org

	 [probing-host@example.org]
	 (finger info from said host)

The headers will contain the address of the machine which generated
the mail in a "Received" line. Otherwise, the information that is sent
is the info for the host which is doing the probing.

Theoretically, the person doing the sniffing could be doing the probing
as well, which would give her/him an idea of which services i have
wrapped.

I feel that this information i may be leaking via the mail is a fair
trade-off for the early notification i receive of a potential attack
(the mail i get also goes to my pager). Others may (will) feel
differently.


Jeff

P.S. I'd like to apologize to Sheldon and the list for giving general
responses on a FreeBSDcentric list. Sheldon: the incorporation of
tcp_wrappers into the base system is going to save me a whole boatload
of time in the future.

#include <stddisclaim.h>  /* i speak only for myself, not my employer */

-- 
   Jeff Marker                      US West Internet Services Operations
   Security Guy                     600 Stinson Blvd.
   marker@uswest.net                Minneapolis, MN  55413-2620
      "Nowhere is the meaning of life so evident as in the floating disk."