FW: [clug] SSH attack]

Andrew Pollock andrew-clug at andrew.net.au
Tue Jul 26 23:34:43 GMT 2005

On Tue, Jul 26, 2005 at 04:37:05PM +1000, Tony and Robyn Lewis wrote:
> Steve Walsh wrote:
> >but then if a machine is on
> >the big bad net and not running TCP wrapper ...I don't want to thing about
> >that.
> > 
> >
> I'll bite.
> I know TCP wrappers is good for limiting hosts, and limiting services.  
> Sounds like a well-tuned firewall will do this but better.
> Apart from redundancy (in case you bork your firewall), what does TCP 
> wrappers give you?

A few more sanity-checks that a straight packet-filtering firewall generally
won't. For example, you can ensure that a host's DNS is consistent, forward
and reverse, and deny access if it isn't (FWIW). You can also do ident-based
stuff (and that's not worth anything these days).

Have a read of hosts_access(5) for further edification.



More information about the linux mailing list