> > > block their networks... either at the router, ipchains or
> > > hosts.deny (although the last one won't protect against dns, ssh, http
> > > and everything outside inetd.conf...)
> >
> > Not quite true IIRC, OpenSSH as built by Cobalt does support use of
> > tcp-wrappers, which is very useful and so worth noting.
<snip>
> I meant the defaults...
Fair enough, and a good point.
> the general idea was that it doesn't entirely block everything (and
> from all the list, ssh has the least chance to be a problem, i think)
I should agree, but that has a "famous last words" ring about it :)
--
Nick Drage - Security Architecture - Demon Internet - Thus PLC
"A chieftain who asks the wrong questions always
hears the wrong answers"
Leadership Secrets of Attila the Hun
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
