Mailing List Archive


Re: tlug: Now, ain't this really odd??!!



>>>>> "Matt" == Matt Gushee <matt@example.com> writes:

    Matt> Hmm ... Steve knows a lot more about sys-adminning than I
    Matt> do, but why not put

    Matt> ALL: ALL

    Matt> in /etc/hosts.deny, then specify a few friendly hosts in
    Matt> /etc/hosts.allow? Unless it's important for people to be
    Matt> able to telnet you as soon as you make their acquaintance on
    Matt> IRC.

My, aren't we paranoid?

And we should be :-(  

But why not?
(1) No incoming mail.  OK if you're getting all your mail from an MX
    somewhere.
(2) FTP must be passive.  Not a problem most of the time.
(3) No IRC DCC.  In fact, if you use an identd-using IRC server, no
    IRC at all (unless it's on the friendly list; I don't know of any
    useful server (== in California where my sister's provider has
    hectobyte/sec or better transmission rates) that isn't full at
    least 20% of the time, so that's hard to guarantee).

    There are other net resources that may use ident or something like 
    that; sometimes they will deny access if they can't reach you.  I
    believe Apache can be configured that way, for example.
(4) Jim Tittsler will never display xroach on your system.  (The look
    on Craig's face I will never forget.)  There are a few realtime
    systems that use X connections, although they're becoming rarer.

But at bottom, personally, I prefer an open system.  The
recommendation to block the rogue site is a response to clear and
present danger.

In the long run, probably a better solution than using tcpwrappers
(/etc/hosts.{allow,deny}) is to use ipchains (the modern Linux
firewalling technology).  (For the rogue) replacing the tcpd is easy,
hacking a running kernel is hard.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences        Tel/fax: +1 (298) 53-5091
--------------------------------------------------------------
Next Nomikai: 18 September, 19:30 Tengu TokyoEkiMae 03-3275-3691
Next Meeting: 10 October, Tokyo Station Yaesu central gate 12:30
--------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp
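
The ALL: ALL policy discussed in this message, as an added example that is not part of the original post: a small Python model of the tcpwrappers decision order (hosts.allow first, then hosts.deny, otherwise grant), covering only a subset of the hosts_access pattern syntax. The host names, addresses, and the assumption that each listed daemon is actually run under tcpwrappers are constructed for illustration.

```python
import ipaddress

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; '#' comments are dropped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients = line.split(":")[:2]
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, e.g. .friendly.example
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):     # address prefix, e.g. 192.0.2.
        return addr.startswith(pattern)
    if "/" in pattern:            # net/mask, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern in (host, addr)

def rule_hit(rules, daemon, host, addr):
    return any((daemon in d or "ALL" in d)
               and any(client_matches(p, host, addr) for p in c)
               for d, c in rules)

def decide(allow, deny, daemon, host, addr):
    """hosts.allow is consulted first, then hosts.deny; no match grants access."""
    if rule_hit(allow, daemon, host, addr):
        return "allow"
    return "deny" if rule_hit(deny, daemon, host, addr) else "allow"

# Constructed sample policy: deny everything, then list friendly hosts.
DENY = parse_rules("ALL: ALL")
ALLOW = parse_rules("ALL: .friendly.example\nin.telnetd: 192.0.2.   # lab net")
CONNECTIONS = [  # (daemon, client host name or None, client address), all constructed
    ("in.telnetd", "box.friendly.example", "198.51.100.7"),
    ("in.telnetd", None, "192.0.2.44"),
    ("in.identd", "irc.server.example", "203.0.113.9"),  # ident query from IRC server
    ("sendmail", "mx.other.example", "203.0.113.25"),    # incoming mail
]

def report():
    return [(d, a, decide(ALLOW, DENY, d, h, a)) for d, h, a in CONNECTIONS]

if __name__ == "__main__":
    for row in report():
        print(*row)
```

With an empty hosts.deny the same connections are all granted, which is the open default the reply prefers.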

