Date: Thu, 31 Jul 1997 12:57:12 -0300 From: "Mario Sergio Fujikawa Ferreira" <lioux@gns.com.br> To: <isp@FreeBSD.ORG>, "Lyle Evans" <evansl@blacksburg.net> Subject: Re: xinetd vs TCP wrappers which is better? Message-ID: <199707311624.NAA17927@srv1-bsb.gns.com.br>
next in thread | raw e-mail | index | archive | help
Dear Mr Evans, > There are two packages with seemingly similar function > xinetd and tcpd (TCP wrappers). Am I correct in that they do essentially > the same thing? Is there any advantage to using one over the other in > 2.1.7 environment? Differences in resource utilization or security? > Pros or Cons. Let's see how to start: The resource utilization is a bit (very little) higher with xinetd. They do essentially the same job. However, there are pro and cons to each of them. Which are the main differences? Xinetd: has control over concurrency (no DOS-attacks); holds control over already started daemons (stop, reconfigure ...); Tcp-Wrappers: has a twist feature that's very useful. You can choose which flavor of a particular daemon will answer a request based on the requester address. Also, by building libwrap.a into some softwares, you can enhance their security levels. Other features are common to each of them. What about using them together? I do. You need to setup tcp-wrappers with the real_daemon feature. Then, you setup xinetd as usual, yet using the tcp-wrappers daemon instead of the real daemons. You are set. You've got yourself a very good inetd replacement and a good place to concentrate your access/deny control rules. For better information, email me privately. Regards, Mario Ferreira. ---- System Administrator - SysAdm@gns.com.br Technical Advising/Consulting - Mario.Ferreira@gns.com.br Personal - Lioux@gns.com.br Lioux@linf.unb.br GNS - Global Network Solutions Tec. Ltda http://www.gns.com.br/ ----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707311624.NAA17927>