"Michael Ju. Tokarev" wrote:
>   The good old inetd daemon has some "good" old disadvantages,
> some of which are avoided by tcp_wrappers for now. But some are
> not.

I personally like xinetd better.  It is like inetd and tcp_wrappers
all rolled into one, plus more.

> They come from security considerations.
> The excellent book by Kurt Seifried (http://www.seifried.org/lasg)
> says a lot about security and recommends using firewalling
> rules to block packets from the outside world for services run
> from inetd. This is a bit hard for the kernel (as Kurt said and
> I agree with him).

This is very easy for the kernel.  Look at ipchains (or ipfwadm
for older kernels).  Works extremely well for me with almost no loss
of throughput.

Also, enhancing inetd alone does not limit packets coming into the
machine.  You need to do filtering to avoid many attacks.

It is much easier to avoid being robbed when the burglars are not already
in your house :)

--
Andrew E. Mileski - Software Engineer
Rebel.com  http://www.rebel.com/
