Mailing List Archive

Support open source code!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tlug: wildcards in /etc/hosts.deny

On Fri, 23 Oct 1998, Stephen J. Turnbull wrote:

> (1) the syntax for resolver is arcane.  It is possible to get yourself
>     spoofed in some cases if you have a domain search path in
>     /etc/hosts.conf.  I don't know if tcp-wrappers checks for it, but
>     it may be useful to terminate those with periods:
> 
>     ALL: .goo.ne.jp.
>     ALL: .melco.co.jp.
> 
>     I have no idea how to test this, and I bet the docs are extremely
>     unclear, so somebody might have to read the source to figure it
>     out.  (Don't ask me which source, either.)

I know how to test it.  block 'pht.com' and I'll test it from PHT's mail
server in the USA.

> 
> (2) Look at inetd.conf and check for services which _don't_ use
>     tcp-wrappers (no tcpd); look in /etc/init.d for services that get
>     started but don't used inetd.

BTW, inetd can be synflooded pretty easily, or so my friend in China says.
xinetd is much, much MUCH better.  it's also faster and has a better
configuration file format, IMHO.  Are we using xinetd on the tlug server
now?  We should be...

--------------------------------------------------
Scott M. Stone <sstone@example.com, sstone@example.com>
               <sstone@example.com>
Head of TurboLinux Development/Systems Administrator
Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
http://www.pht.com		http://armadillo.pht.co.jp
http://www.pht.co.jp	        http://www.turbolinux.com


---------------------------------------------------------------
Next Nomikai: 20 November, 19:30 Tengu TokyoEkiMae 03-3275-3691
Next Meeting: 12 December, 12:30 Tokyo Station Yaesu central gate
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp
Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links