
Re: [cobalt-users] Help?



Kris Dahl wrote:

> Did you add it to all ports?  The hosts.deny file is for all services--the
> computer can completely ignore all traffic from a host in the deny file.

that's not 100% right: it affects only services started by inetd via
tcpwrappers:

    Operation is as follows: whenever a request for service
    arrives, the inetd daemon is tricked into running the tcpd
    program instead of the desired server. tcpd logs the
    request and does some additional checks. When all is well,
    tcpd runs the appropriate server program and goes away.
(from: man tcpd)

this DOES NOT affect e.g. apache, as it is configured by default as a
standalone server (not started via inetd), sendmail, sshd if run by
shell command or via rc.local.

if you want to affect ALL services, in my opinion the most simple way is
rejecting it using the kernel's routing table. so arriving packets from
that ip are just "thrown away". i don't know if this is possible using
hostnames, though. that would be a firewalling job.

-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

A problem to some is a 'feature' to others.
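
Added example, not part of the original post: a small shell function that reads inetd.conf-format text and reports which entries inetd hands to tcpd (so hosts.deny is consulted) and which it runs directly. The function names and the sample entries are constructed for illustration; the field layout is the standard inetd.conf one.

```shell
#!/bin/sh
# Classify inetd.conf entries by whether tcpd fronts them.
# Reads inetd.conf-format text on stdin, prints "service status name".
classify_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }          # skip comments and short lines
        {
            n = split($6, path, "/")            # $6 = program inetd executes
            if (path[n] == "tcpd") {
                m = split($7, arg0, "/")        # $7 = argv[0] handed to tcpd
                print $1, "wrapped", arg0[m]    # name matched in hosts.deny
            } else if ($6 == "internal") {
                print $1, "internal", "-"       # served by inetd itself
            } else {
                print $1, "unwrapped", $6       # inetd runs it directly
            }
        }'
}

# Constructed sample, not taken from a real machine.
sample_inetd_conf() {
    cat <<'EOF'
# service type proto flags user server args
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
pop-3   stream tcp nowait root /usr/sbin/in.pop3d in.pop3d
time    stream tcp nowait root internal
#finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
EOF
}

sample_inetd_conf | classify_inetd
```

On a real host, run `classify_inetd < /etc/inetd.conf`. Daemons that do not appear in that file at all (a standalone apache, sshd started from rc.local) never pass through tcpd and have to be filtered some other way.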