*BSD News Article 73578


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!news.vbc.net!garlic.com!news.scruz.net!kithrup.com!news.Stanford.EDU!bloom-beacon.mit.edu!cambridge-news.cygnus.com!usenet-ma
From: Michael Graff <explorer@zhaneel.flame.org>
Newsgroups: comp.unix.bsd.misc
Subject: Re: Tcp Wrappers
Date: 13 Jul 1996 03:37:20 -0400
Organization: flame.org:  yes, we do know everything
Lines: 26
Message-ID: <v6u3vcioy7.fsf@zhaneel.flame.org>
References: <31E63862.36A2@soonet.ca>
NNTP-Posting-Host: zhaneel.flame.org
X-Newsreader: Gnus v5.2.33/Emacs 19.31

Don Joy <joydon@soonet.ca> writes:

I suspect you really don't know how TCP wrappers protect you at all.
(When you say ``bsd 2.1'' btw, are you really running FreeBSD or something
else?)

If your news server listens on port 119, for example, it will have to
do its own authentication.  The TCP wrappers simply get the first crack
at the things listed in inetd.conf, of which the standard port for telnet
is one of them.

I suggest you read the tcp wrapper documentation fully as soon as you can.

--Michael

> I'm using bsd 2.1 and i'm running tcp wrapper to limit who can access
> services, especially telnet.  It works great except if someone telnets
> in using a port parameter such as "telnet host 119".  In this case, the
> access list seems to be bypassed entirely and they are givin access
> where they wouldn't normally have been.  Anyone have a workaround for
> this.  Thanks.
> -- 
> Don Joy
> System Administrator
> SooNet Corp.
>