[Snort-users] Wrappers

JPP jpp at ...1565...
Tue Nov 6 11:32:04 EST 2001


Hmmm

I do not post too often to these groups - mostly lurk and read and
learn. But this I have found to be a false assumption.

Using Xinetd set to use hosts.allow and hosts.deny (in particular), I
have found on RedHat 7.x systems that using these files to regulate SSH
connections works quite well.

Adding to hosts.deny:
ALL: ALL

Will indeed stop SSH connections as well as everything else that uses
these wrappers (least for me it does!)

I add:
SSHD:  Some.IP.Range. or.some.ip.address

to hosts.allow and I get access once more.

I may be far off base here - but it indeed works in my case. Give it a
try. May work for you also. And possibly some kind soul can explain why
SSH is regulated this way without being added to any conf file ...

Regards!

JPP
FRWS/ePaxSys NetSolutions

http://www.frws.com
http://www.epaxsys.net

Kevin Brown wrote:
> 
> Yes, but TCP Wrappers will only protect those services that use it (i.e.
> telnet, ftp), but services like httpd, ssh and a boatload more do not rely
> on TCP wrappers will not be protected by you setting hosts.deny to ALL:ALL.
> 
> > -----Original Message-----
> > From: snortlst snortlst [mailto:snortlst at ...125...]
> > Sent: Tuesday, November 06, 2001 11:38
> > To: james; snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] Wrappers
> >
> >
> > So basically what you're saying is that I can use DENY ALL in
> > wrappers and
> > still be able to successfully run snort,right?
> > ----- Original Message -----
> > From: "james" <the_saint_james at ...131...>
> > To: <snort-users at lists.sourceforge.net>
> > Sent: Tuesday, November 06, 2001 1:30 PM
> > Subject: Re: [Snort-users] Wrappers
> >
> >
> > > Wrappers control services  snort sniffs packets off the
> > card. I use very
> > > narrow wrappers, this does not effect Snort's
> > > reporting
> > >
> > > James Edwards
> > > jamesh at ...3784...
> > > At the Santa Fe Office: Internet at Cyber Mesa
> > > Store hours: 9-6 Monday through Friday
> > > Phone support 365 days till 10 pm via the Santa Fe office:
> > > 505-988-9200 or Toll Free: 888-988-2700
> > >
> > > ----- Original Message -----
> > > From: "snortlst snortlst" <snortlst at ...125...>
> > > To: <snort-users at lists.sourceforge.net>
> > > Sent: Tuesday, November 06, 2001 8:42 AM
> > > Subject: [Snort-users] Wrappers
> > >
> > >
> > > > On which layer snort inspects incoming traffic? If it
> > inspects it before
> > > > tcp/ip (like checkpoint firewall) then can I use tcp
> > wrappers and deny
> > all
> > > > traffic in tcp wrappers in order to secure linux machine?
> > > > thx.
> > > >
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users at lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list