From: Wietse Venema (wswietse@svin09.info.win.tue.nl)
Date: 06/21/93


From: wswietse@svin09.info.win.tue.nl (Wietse Venema)
Subject: Re: tcp_wrapper....doesn't work..:( ??
Date: 22 Jun 1993 01:00:21 +0200

lxt18@po.CWRU.Edu (Livia Takacs) writes:

>I have been trying to install the tcp-wrapper program for the last two weeks
>without much success..:( it has a straightforward and simple installation,
>but it fails to detect that it is loaded..:( .

Well, nothing is supposed to happen by default.

The primary function of the wrapper is to just record events: systems
that attempt to connect to your finger etc. daemons. This information
is passed on to your syslog daemon. What ultimately happens with the
information depends on how your syslog.conf file has been set up. By
default, the events are logged just like sendmail events (mail.info).

The second function of the wrapper is to restrict the systems that can
connect to your network daemons. Normally, every joker on the net can
connect to your telnetd and bang away at your login: prompt until she
gets tired of it. The wrapper allows you to only accept connections
from "good" sites, or to reject connections only from known "bad"
sites. The restrictions can depend on the network service. By default,
there are no restrictions. You have to define them with the hosts.allow
and hosts.deny files. Their format is described in the hosts_access.5
manual page.

The third function is to set up booby traps. This is not for the faint
of heart. By default, the wrapper does not implement booby traps.
Examples of booby traps are given in the hosts_access.5 manual page.

As you may have guessed, the program was developed while fighting a
malicious cracker. An account of that episode (with examples) can be
found in ftp.win.tue.nl:/pub/security/tcp_wrapper.{txt,ps}.Z. This
paper also appeared in the USENIX Security III proceedings.

If you have any questions about my wrapper, please contact me at the
mail address given in the source (wietse@wzv.win.tue.nl). I am posting
from a different machine because wzv.win.tue.nl is a home UNIX box that
does not receive comp.os.linux. No offense meant.

        Wietse
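
The following is an added example, not part of the original post and not code from the wrapper itself. It is a simplified Python model of the hosts.allow / hosts.deny decision order documented in hosts_access.5 (allow file first, then deny file, otherwise grant), showing why empty files restrict nothing. The function names, the daemon names in.telnetd and in.fingerd, and the sample domain and addresses are assumptions made for illustration; only the ALL, exact, ".domain" and "net." client patterns are modelled.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Supported patterns only: ALL, exact name/address, ".domain" suffix, "net." prefix.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; ignore blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line, skipped in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))  # any shell-command field is ignored
    return rules

def client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, matched against the host name
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # network prefix, matched against the address
        return addr.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == addr

def rule_hit(rules, daemon, name, addr):
    for daemons, clients in rules:
        if any(d in ("ALL", daemon) for d in daemons) and \
           any(client_matches(c, name, addr) for c in clients):
            return True
    return False

def access(allow_text, deny_text, daemon, name, addr):
    """Allow file is consulted first, then the deny file; no match means grant."""
    if rule_hit(parse_rules(allow_text), daemon, name, addr):
        return "granted"
    if rule_hit(parse_rules(deny_text), daemon, name, addr):
        return "denied"
    return "granted"

# Constructed sample policy: telnet only from one made-up domain and network.
ALLOW = "in.telnetd: .example.edu, 192.0.2.\n"
DENY = "in.telnetd: ALL\n"
```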