From owner-freebsd-isp Thu Jul 31 09:25:18 1997
Message-Id: <199707311624.NAA17927@srv1-bsb.gns.com.br>
From: "Mario Sergio Fujikawa Ferreira"
To: , "Lyle Evans"
Subject: Re: xinetd vs TCP wrappers which is better?
Date: Thu, 31 Jul 1997 12:57:12 -0300
Sender: owner-freebsd-isp@FreeBSD.ORG

Dear Mr Evans,

> There are two packages with seemingly similar function
> xinetd and tcpd (TCP wrappers). Am I correct in that they do essentially
> the same thing? Is there any advantage to using one over the other in
> 2.1.7 environment? Differences in resource utilization or security?
> Pros or Cons.

Let's see how to start:

The resource utilization is a bit (very little) higher with xinetd.
They do essentially the same job. However, there are pros and cons to
each of them.

Which are the main differences?

Xinetd:
  - has control over concurrency (no DOS-attacks);
  - holds control over already started daemons (stop, reconfigure ...);

Tcp-Wrappers:
  - has a twist feature that's very useful. You can choose which flavor
    of a particular daemon will answer a request based on the requester
    address.
  - Also, by building libwrap.a into some software, you can enhance
    its security level.

Other features are common to each of them.

What about using them together? I do. You need to set up tcp-wrappers
with the real_daemon feature. Then, you set up xinetd as usual, yet using
the tcp-wrappers daemon instead of the real daemons. You are set. You've
got yourself a very good inetd replacement and a good place to
concentrate your access/deny control rules.

For better information, email me privately.

Regards,
Mario Ferreira.

----
System Administrator - SysAdm@gns.com.br
Technical Advising/Consulting - Mario.Ferreira@gns.com.br
Personal - Lioux@gns.com.br Lioux@linf.unb.br
GNS - Global Network Solutions Tec. Ltda
http://www.gns.com.br/
----
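
The combined setup described in the message above, sketched as an added example (not part of the original message, and not the poster's actual configuration). It assumes tcpd was compiled with REAL_DAEMON_DIR and PROCESS_OPTIONS; every path, network, limit and the `ftpd-readonly` binary is a constructed placeholder.

```conf
# --- Assumed layout (placeholder paths) ---------------------------------
# tcpd compiled with REAL_DAEMON_DIR=/usr/libexec/real
#   /usr/libexec/real/ftpd   the real FTP daemon, moved out of the way
#   /usr/libexec/ftpd        a copy of tcpd installed under the daemon's name
# tcpd sees argv[0] = "ftpd", checks its access rules for "ftpd", then
# executes /usr/libexec/real/ftpd.

# --- xinetd configuration file -------------------------------------------
# xinetd owns the listening socket and enforces the concurrency limit.
service ftp
{
    socket_type    = stream
    protocol       = tcp
    wait           = no
    user           = root
    # "server" points at the tcpd copy, not at the real daemon.
    server         = /usr/libexec/ftpd
    server_args    = -l
    # Upper bound on simultaneously running servers for this service.
    instances      = 20
    log_on_failure = HOST
}

# --- hosts.allow (hosts_options(5) syntax) --------------------------------
# First matching rule wins. Networks are constructed documentation ranges.
# Trusted network: run the real daemon from REAL_DAEMON_DIR.
ftpd : 192.0.2. : allow
# Second network: "twist" replaces the service with a different flavor
# of the daemon (ftpd-readonly is a hypothetical binary).
ftpd : 198.51.100. : twist /usr/libexec/real/ftpd-readonly -l
# Everyone else: answer with a refusal banner instead of running a daemon.
ftpd : ALL : twist /bin/echo 421 Service not available to %a
# Default deny for any other wrapped service.
ALL : ALL : deny
```

With this split, xinetd handles socket ownership and the per-service instance cap, while all allow/deny and per-client daemon selection rules live in the single hosts.allow file.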