Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!sgigate.sgi.com!nntp.coast.net!news.kei.com!news.mathworks.com!uunet!in2.uu.net!shemesh.tis.com!dira.rv.tis.com!not-for-mail
From: mark@dira.rv.tis.com (Mark Sienkiewicz)
Newsgroups: comp.unix.bsd.misc
Subject: Re: Tcp Wrappers
Date: 12 Jul 1996 12:23:32 -0400
Organization: Trusted Information Systems
Lines: 25
Message-ID: <4s5u64$m4d@dira.rv.tis.com>
References: <31E63862.36A2@soonet.ca>
Reply-To: mark@tis.com
NNTP-Posting-Host: relay.tis.com

In article <31E63862.36A2@soonet.ca>, Don Joy <joydon@soonet.ca> wrote:
>I'm using bsd 2.1 and I'm running tcp wrapper to limit who can access
>services, especially telnet. It works great except if someone telnets
>in using a port parameter such as "telnet host 119". In this case, the
>access list seems to be bypassed entirely and they are given access
>where they wouldn't normally have been. Anyone have a workaround for
>this. Thanks.

The tcp wrappers work by replacing the service listening on a particular
port. For example, telnet service is on port 23. You place a tcp wrapper
on port 23, it receives the connection, checks it, and if it likes it,
runs the telnet daemon.

It doesn't get involved at all for other services. If you want to protect
other services, you also have to install a tcp wrapper for them.

For example, you could refuse mail from a particular site by installing
a tcp wrapper on port 25 and having it run sendmail (with the appropriate
flags to make it handle an SMTP transaction on its standard input).

I don't know if the NNTP (port 119) server you are using has a similar
feature, but filtering features exist in every NNTP implementation I've
ever seen. (e.g. you can configure who can read news from your machine.)
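
An added example, not part of the original post: a small Python audit of an inetd.conf that reports which TCP services are started through tcpd and which are started directly, so the wrapper's access list is never consulted for them. The sample file contents, the daemon paths and the function names are constructed for illustration.

```python
# Constructed sample inetd.conf; service names are standard, paths are assumptions.
SAMPLE_INETD_CONF = """\
# service  type    proto  wait    user  server              args
telnet     stream  tcp    nowait  root  /usr/libexec/tcpd   telnetd
smtp       stream  tcp    nowait  root  /usr/libexec/tcpd   /usr/sbin/sendmail -bs
nntp       stream  tcp    nowait  news  /usr/libexec/nntpd  nntpd
ftp        stream  tcp    nowait  root  /usr/libexec/ftpd   ftpd -l
daytime    stream  tcp    nowait  root  internal
"""


def audit_inetd(text, wrapper_name="tcpd"):
    """Return {service: status} for every TCP entry in inetd.conf text.

    "wrapped"   - inetd starts tcpd, which checks the client before
                  running the real daemon
    "unwrapped" - inetd starts the daemon directly, so the wrapper's
                  access list is never consulted for this port
    "internal"  - served inside inetd itself, no external program to wrap
    """
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            continue                          # malformed entry, skip it
        service, _type, proto, _wait, _user, server = fields[:6]
        if not proto.startswith("tcp"):
            continue                          # only TCP services are audited
        if server == "internal":
            result[service] = "internal"
        elif server.rsplit("/", 1)[-1] == wrapper_name:
            result[service] = "wrapped"
        else:
            result[service] = "unwrapped"
    return result


def unwrapped_services(text):
    """Sorted list of TCP services that bypass the wrapper entirely."""
    return sorted(s for s, st in audit_inetd(text).items() if st == "unwrapped")


if __name__ == "__main__":
    for service, status in audit_inetd(SAMPLE_INETD_CONF).items():
        print(f"{service:10} {status}")
```

A daemon that listens on its port by itself instead of being started from inetd does not appear in inetd.conf at all, so this audit cannot see it.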