[935] in linux-net channel archive
Re: telnet/ftp/rlogin/rsh not working between Linux machines. (fwd)
daemon@ATHENA.MIT.EDU (Arnt Gulbrandsen)
Sun Aug 20 06:50:41 1995
Date: Sun, 20 Aug 1995 03:47:01 +0200
From: Arnt Gulbrandsen <agulbra@troll.no>
To: urlichs@smurf.noris.de (Matthias Urlichs)
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <414fjt$44j@smurf.noris.de> (by urlichs@smurf.noris.de)
> In fact, this is highly antisocial. tcpd should at least print a one-line
> "Sorry, login is disallowed from your machine". Or "Sorry, name server
> entries for <your.IP> are set up incorrectly -- login disallowed".
I rather agree, but understand that tcpd doesn't. How would tcpd know
what to print? An error message suitable for port 23 and one for port
514 wouldn't look very much alike.
> Besides, accepting and then immediately throwing away a connection is
> against quite a few RFCs. SMTP, FTP, NNTP, I can probably dig out a few
> others. :-/ Unless you configure tcpd to reject callers correctly,
> IMHO you shouldn't use it in the first place.
tcpd _does_ provide an option, twist, which can be used to start a
different program if the connection is from a banned host. But it can
never reject the connection - by the time it's started the connection
has been established. inetd could, I think, if there's any way to
getpeername() before one accepts the connection. There's a 12,000
line monster called xinetd which may do this right.
--Arnt
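A twist-style handler that illustrates the constraint Arnt describes, as an added example that is not from this message, from tcpd or from inetd: the handler only ever sees an already-accepted socket, so the best it can do is identify the peer with getpeername(), send a one-line refusal phrased for the service's port, and close. The function names (reject_banner, is_denied, twist_reject, demo_loopback), the deny list and the refusal strings are constructed for this example; the demo drives the handler over a loopback connection with 127.0.0.1 on the deny list and the service pretending to be port 25.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One-line refusal phrased for the protocol that normally lives on the port.
 * These strings are constructed for this example; they are not tcpd's. */
const char *reject_banner(int port)
{
    switch (port) {
    case 21:  return "421 Service not available: access denied by host policy.\r\n";
    case 25:  return "554 Access denied by host policy.\r\n";
    case 23:  return "Sorry, login is disallowed from your machine.\r\n";
    default:  return "Connection refused by host policy.\r\n";
    }
}

/* Return 1 if the peer address matches an entry of a dotted-quad deny list. */
int is_denied(const struct in_addr *peer, const char *const *deny, size_t ndeny)
{
    for (size_t i = 0; i < ndeny; i++) {
        struct in_addr d;
        if (inet_pton(AF_INET, deny[i], &d) == 1 && d.s_addr == peer->s_addr)
            return 1;
    }
    return 0;
}

/* Hypothetical twist-style handler: runs on a socket that accept() has
 * already returned, exactly as tcpd does, so it cannot refuse the TCP
 * connection itself. It can only identify the peer, write a refusal and
 * close. Returns 1 if refused, 0 if allowed, -1 on a socket error. */
int twist_reject(int conn, int service_port, const char *const *deny, size_t ndeny)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    if (getpeername(conn, (struct sockaddr *)&peer, &len) < 0)
        return -1;
    if (peer.sin_family != AF_INET || !is_denied(&peer.sin_addr, deny, ndeny))
        return 0;
    const char *msg = reject_banner(service_port);
    if (write(conn, msg, strlen(msg)) < 0)
        return -1;
    shutdown(conn, SHUT_RDWR);
    return 1;
}

/* Self-contained demo: loopback listener, one client, 127.0.0.1 on the
 * constructed deny list, service port pretended to be 25. Returns 1 if the
 * client received the SMTP-style 554 refusal, 0 otherwise, -1 on error. */
int demo_loopback(void)
{
    static const char *const deny[] = { "127.0.0.1" };
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    char buf[128];
    int ls = -1, cs = -1, conn = -1, refused, result = -1;
    ssize_t n;

    memset(&addr, 0, sizeof addr);
    memset(buf, 0, sizeof buf);
    ls = socket(AF_INET, SOCK_STREAM, 0);
    cs = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || cs < 0) goto out;

    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                         /* kernel picks a free port */
    if (bind(ls, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    if (listen(ls, 1) < 0) goto out;
    if (getsockname(ls, (struct sockaddr *)&addr, &len) < 0) goto out;
    if (connect(cs, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;

    conn = accept(ls, NULL, NULL);             /* handshake is already done */
    if (conn < 0) goto out;
    refused = twist_reject(conn, 25, deny, 1); /* the wrapper runs only now */
    close(conn);
    if (refused < 0) goto out;

    n = read(cs, buf, sizeof buf - 1);
    result = (refused == 1 && n > 0 && strncmp(buf, "554", 3) == 0) ? 1 : 0;
out:
    if (ls >= 0) close(ls);
    if (cs >= 0) close(cs);
    return result;
}

int main(void)
{
    printf("client refused with a protocol banner: %s\n",
           demo_loopback() == 1 ? "yes" : "no");
    return 0;
}
```

The order of calls in demo_loopback is the point: connect() succeeds against the listening socket before accept() is ever called, and the handler runs after accept(), so a refusal is always a message on an open connection followed by a close, never a refused SYN.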