tcpwrappers
Mike Starke
plug-discuss@lists.plug.phoenix.az.us
Mon, 14 Oct 2002 21:17:53 -0500
Agreed. But, is it possible to compile with wrapper support
much like SSH? (i.e stand alone deamon, yet controlled
by hosts.allow/deny)
v/r
-Mike
Sun, Oct 13, 2002 at 09:38:15PM -0700, Digital Wokan wrote:
Apache is only under the control of /etc/hosts.allow|deny when you set it up
to start as an inetd service instead of in standalone mode. For a low use or
testing site, this may be okay, but it is a large bottleneck to high-usage
sites, where a firewall-based blocking solution would make more sense to use
against abusers.
On Thursday 10 October 2002 20:40, George Toft wrote:
> What makes you think Apache is not? Whe I was at the .com in LA, we had
> a script that analyzed Apache log files, and dropped the abuser's IP
> netowrk into /etc/host.deny for 48 hours. That locked him (and a chunk
> of his ISP) out so he couldn't redial and continue the attack.
>
> I know for a fact that SNMP is under tpc wrapper control - that was one
> of the biggest bitches to solve.
>
> SSH is also controlled by TCP wrappers - I use it as redundancy in case
> I make stupid typos and open SSH to my $EXTIF instead of my $INTIF. I
> did this, and I discovered it through looking at my logs.
>
> What I discovered two weeks ago about OpenLDAP was that LOCAL is not the
> same as 127.0.0.1. To every other service I have used in the last 6
> years it was, but noooo - not OpenLDAP.
>
> Anyway, it's called TCP wrappers, not inet wrappers, because it affects
> all TCP services. My hosts.allow file looks like this:
> ALL: LOCAL, 127.0.0.1, 192.168.55.
> which supports my LDAP, MySQL, Apache and DNS servers. The 192.196.55
> LAN is another interface that needs DNS and HTTP services.
>
> George
>
> Mike Starke wrote:
> > Years ago, I seem to recall that the only services
> > under control of hosts.allow & hosts.deny were those
> > under inetd (/etc/inetd.conf).
> >
> > I just spent the past hour trying to figure out why I couldn't
> > connect to my new ldap server from a remote site; come to find
> > out all I needed was a simple entry in /etc/hosts.allow Being that
> > slapd runs as a deamon, I stared at my slapd.conf file and couldn't
> > find any reason why a connection was denied.
> >
> > Simple question: How does one know when a service is under
> > tcpwrappers? Apache & Bind are not, what should have made
> > me think slapd was?
> >
> > v/r
> > Mike
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss