[1061] in linux-security and linux-alert archive


Re: [linux-security] inetd and denial-of-service

daemon@ATHENA.MIT.EDU (Sam Quigley)
Sat Aug 24 19:18:40 1996

Date: Thu, 22 Aug 1996 10:46:20 -0700 (PDT)
From: Sam Quigley <poodge@econ.Berkeley.EDU>
To: shagboy@bluesky.net
cc: Joel Maslak <j@pobox.com>,
        Linux Security Mailing List <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <Pine.LNX.3.91.960821225700.133A-100000@cirrus.bluesky.net>
On Wed, 21 Aug 1996, Racer X wrote:

> > 2.  Block access to all ports except from "trusted sites".  This assumes an
> > open environment where the network medium is generally trusted.  Note that
> > IP spoofing attacks can occur if the network is not trusted.
> 
> This can be done with TCP wrappers.
> 
> [REW: Not quite. If inetd drops the port, tcpd won't get started.
> Another problem is that a tcpd is started for every connection. This
> means that state would have to be passed by files, creating locking
> problems etc etc. -> Not trivial. Inetd seems fine to me.]

I don't know a whole hell of a lot about xinetd, but I do know that it
allows some sort of control over connections in the same style that TCP
wrappers do.  Perhaps xinetd would be a good solution for this?

-sq
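The two approaches the thread contrasts, modelled as an added example (this is illustration code, not code from the post, nor from inetd, tcpd or xinetd). The first part makes a TCP-wrappers-style allow/deny decision from hosts.allow / hosts.deny rules, in tcpd's order (allow first, then deny, otherwise accept). The second part is a per-source connection limit whose counters live in memory for the life of the process: that is what a long-lived daemon like xinetd can do, and what a tcpd started fresh for every connection cannot do without pushing its state through files and locks, as REW notes above. The rule files and addresses are constructed for the example, and the limiter is a generic sliding-window model, not xinetd's actual configuration syntax.

```python
"""Added illustration of the two connection-control styles in the thread.

Not code from inetd, tcpd or xinetd.  Rule files and addresses below are
constructed sample data.
"""
import ipaddress
import time
from collections import deque

# Constructed sample rule files in hosts.allow / hosts.deny style.
HOSTS_ALLOW = """
# service : client list   (a netmask or a single address per entry)
in.telnetd : 10.0.0.0/255.0.0.0
in.ftpd    : 192.168.1.0/255.255.255.0 10.0.5.7
"""
HOSTS_DENY = """
ALL : ALL
"""


def parse_rules(text):
    """Return [(service, [client patterns])], ignoring blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        service, clients = (part.strip() for part in line.split(":", 1))
        rules.append((service, clients.split()))
    return rules


def client_matches(pattern, client_ip):
    """Match a client address against ALL, an addr/netmask, or a single address."""
    if pattern == "ALL":
        return True
    addr = ipaddress.ip_address(client_ip)
    if "/" in pattern:
        return addr in ipaddress.ip_network(pattern, strict=False)
    return addr == ipaddress.ip_address(pattern)


def wrapper_decision(service, client_ip, allow_rules, deny_rules):
    """tcpd order: a hosts.allow match grants, then a hosts.deny match refuses,
    and a client matching neither file is accepted."""
    for svc, clients in allow_rules:
        if svc in ("ALL", service) and any(client_matches(c, client_ip) for c in clients):
            return True
    for svc, clients in deny_rules:
        if svc in ("ALL", service) and any(client_matches(c, client_ip) for c in clients):
            return False
    return True


class ConnectionLimiter:
    """Per-source sliding-window connection limit kept in process memory.

    Only a process that outlives individual connections (inetd/xinetd style)
    can hold this table; a per-connection tcpd would have to persist it to a
    file with locking, which is the difficulty REW raises.
    """

    def __init__(self, max_per_window, window_seconds, clock=time.monotonic):
        self.max = max_per_window
        self.window = window_seconds
        self.clock = clock
        self.seen = {}  # client_ip -> deque of recent connection timestamps

    def admit(self, client_ip, now=None):
        """Record a connection attempt; False means the source exceeded its limit."""
        now = self.clock() if now is None else now
        q = self.seen.setdefault(client_ip, deque())
        while q and now - q[0] >= self.window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.max:
            return False
        q.append(now)
        return True


def gate(service, client_ip, allow_rules, deny_rules, limiter, now=None):
    """Combine both checks the way a long-lived super-server could."""
    if not wrapper_decision(service, client_ip, allow_rules, deny_rules):
        return "refused by rule"
    if not limiter.admit(client_ip, now=now):
        return "rate limited"
    return "accepted"


if __name__ == "__main__":
    allow, deny = parse_rules(HOSTS_ALLOW), parse_rules(HOSTS_DENY)
    lim = ConnectionLimiter(max_per_window=3, window_seconds=10.0)
    for t, ip in enumerate(["10.0.0.1", "10.0.0.1", "10.0.0.1", "10.0.0.1", "192.168.1.9"]):
        print(t, ip, gate("in.telnetd", ip, allow, deny, lim, now=t))
```

The deny file's `ALL : ALL` makes the policy default-deny, so each service must be opened explicitly in hosts.allow; the fourth connection from `10.0.0.1` inside the window is turned away by the limiter rather than by a rule.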
