From owner-freebsd-security Tue Aug 15 9:15:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with SMTP id 5EB9F37BE17 for ; Tue, 15 Aug 2000 09:15:26 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 89034 invoked by uid 1000); 15 Aug 2000 16:15:25 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 15 Aug 2000 16:15:25 -0000 Date: Tue, 15 Aug 2000 11:15:25 -0500 (CDT) From: Mike Silbersack To: Ryan Kelley Cc: Alex Popa , freebsd-security Subject: RE: xinetd versus inetd In-Reply-To: <39B6595C@netfin6.bc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 15 Aug 2000, Ryan Kelley wrote: > I could be wrong (it's happened before) but as far as i know the main > difference is that inetd is subject to DoS attacks, as it will suck up as much > memory as it wants filling requests. xinetd prevents against this. on a > semi-related note, where's tcpserver in this equation, and is anyone running > non-qmail services in tcpserver? > -ryan I used to run tcpserver, but soon realized that xinetd could perform all the same important functions, and was much easier to configure. I don't think any modern inetd is as susceptible to resource exhaustion attacks as the tcpserver page will lead you to believe, but running xinetd does seem wise, as you can tune the various resource limits quite exactly. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message