FW: [clug] SSH attack]
Andrew Pollock
andrew-clug at andrew.net.au
Tue Jul 26 23:34:43 GMT 2005
On Tue, Jul 26, 2005 at 04:37:05PM +1000, Tony and Robyn Lewis wrote:
> Steve Walsh wrote:
>
> >but then if a machine is on
> >the big bad net and not running TCP wrapper ...I don't want to think about
> >that.
> >
> >
>
> I'll bite.
>
> I know TCP wrappers is good for limiting hosts, and limiting services.
> Sounds like a well-tuned firewall will do this but better.
>
> Apart from redundancy (in case you bork your firewall), what does TCP
> wrappers give you?
>
A few more sanity-checks that a straight packet-filtering firewall generally
won't. For example, you can ensure that a host's DNS is consistent, forward
and reverse, and deny access if it isn't (FWIW). You can also do ident-based
stuff (and that's not worth anything these days).
Have a read of hosts_access(5) for further edification.
regards
Andrew
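
The forward/reverse DNS consistency check mentioned in the message above, sketched as an added example (not part of the original message and not tcpd's own code). hosts_access(5) exposes this check through its PARANOID wildcard; the function names and the sample zone data below are assumptions constructed for illustration, using documentation address ranges.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Return (allowed, reason). Allowed only if the PTR name maps back to ip."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return False, "no reverse (PTR) record"
    forward_addrs = set()
    for a in forward(name):
        try:
            # Drop any IPv6 zone id before comparing addresses.
            forward_addrs.add(ipaddress.ip_address(a.split("%")[0]))
        except ValueError:
            continue
    if not forward_addrs:
        return False, f"{name} does not resolve forward"
    if addr not in forward_addrs:
        # The PTR owner claims a name whose own zone does not list this address.
        return False, f"{name} resolves to other addresses, not {ip}"
    return True, f"{name} <-> {ip} consistent"

# Constructed sample zone data so the demo runs offline (hypothetical hosts).
PTR = {"192.0.2.10": "good.example.net", "198.51.100.7": "mail.example.org",
       "192.0.2.99": "ghost.example.net"}
FWD = {"good.example.net": {"192.0.2.10"}, "mail.example.org": {"203.0.113.5"}}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return check_client(ip, reverse=PTR.get, forward=lambda n: FWD.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "192.0.2.99", "203.0.113.200"):
        print(ip, demo(ip))
```

Calling `check_client(ip)` without the `reverse` and `forward` arguments uses the system resolver instead of the constructed tables.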