[Snort-users] Wrappers

Skip Carter skip at ...1552...
Tue Nov 6 13:29:07 EST 2001


> Using Xinetd set to use hosts.allow and hosts.deny (in particular), I
> have found on RedHat 7.x systems that using these files to regulate SSH
> connections works quite well.
> 
> Adding to hosts.deny:
> ALL: ALL
> 
> Will indeed stop SSH connections as well as everything else that uses
> these wrappers (least for me it does!)
> 
> I add:
> SSHD:  Some.IP.Range. or.some.ip.address
> 
> to hosts.allow and I get access once more.
> 
> I may be far off base here - but it indeed works in my case. Give it a
> try. May work for you also. And possibly some kind soul can explain why
> SSH is regulated this way without being added to any conf file ...

  With the appropriate entry in inetd.conf or /etc/xinetd.d, SSH and
  httpd (at least Apache anyway) CAN be tcp_wrappered (regardless of
  the Linux distro).  BUT, in both of these cases there is a significant
  program startup overhead involved, so it's really not a very good idea
  for these programs unless these startup delays can be tolerated in
  your network environment.
 

-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at ...1552...
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            
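
Added example, not part of the original messages: a simplified Python model of the hosts_access(5) lookup order (hosts.allow is checked first, then hosts.deny, otherwise access is granted), showing why the sshd entry in hosts.allow restores access despite "ALL: ALL" in hosts.deny. It implements only a subset of the pattern language (ALL, exact match, trailing-dot address prefix, leading-dot name suffix); the function names and the documentation-range addresses are constructed for illustration.

```python
import re

def _items(text):
    # Lists in hosts.allow / hosts.deny are separated by blanks and/or commas.
    return [t for t in re.split(r"[,\s]+", text.strip()) if t]

def _match(pattern, value):
    p, v = pattern.lower(), value.lower()   # checks are case insensitive
    if p == "all":
        return True
    if p.endswith("."):                     # "192.0.2." = address prefix
        return v.startswith(p)
    if p.startswith("."):                   # ".example.org" = name suffix
        return v.endswith(p)
    return p == v

def _file_matches(text, daemon, names):
    # True if any "daemon_list : client_list" rule matches daemon and client.
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        if any(_match(d, daemon) for d in _items(daemons)) and \
           any(_match(c, n) for c in _items(clients) for n in names):
            return True
    return False

def decide(allow_text, deny_text, daemon, address, hostname=None):
    names = [address] + ([hostname] if hostname else [])
    if _file_matches(allow_text, daemon, names):   # 1. hosts.allow grants
        return "allow"
    if _file_matches(deny_text, daemon, names):    # 2. hosts.deny refuses
        return "deny"
    return "allow"                                 # 3. no match: granted

# Constructed file contents mirroring the setup described in the thread.
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = "SSHD: 192.0.2. 198.51.100.7\n"

if __name__ == "__main__":
    for daemon, addr in [("sshd", "192.0.2.15"), ("sshd", "203.0.113.9"),
                         ("in.telnetd", "192.0.2.15")]:
        print(daemon, addr, decide(HOSTS_ALLOW, HOSTS_DENY, daemon, addr))
```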
