> > So why do many people and security guides still suggest the use of tcpd
> > over simple iptables rules?
> 
> Not sure, maybe these pros:
> - if you forget to start your iptables script, your ports are open
> - you can check with 'PARANOID' whether hostname and ip record match
> 

This could end up being a very interesting thread.

Iptables is nice because it is at kernel level; if someone were to try
to hack it so that your iptables commands were ignored, they would
need to be able to reboot the box, something that you would probably
notice in a managed environment.

Tcpd runs in userspace, so given root access it is a lot easier to
compromise the executable.

Just my 2c






-- 
[email protected] mailing list
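The quoted reply mentions tcpd's PARANOID check, which compares the hostname from a client's reverse (PTR) lookup against the forward records of that hostname and refuses the connection when they disagree. The following is an added example written for this thread, not code from either poster or from tcp_wrappers itself; it reimplements that forward-confirmed reverse DNS check in Python. The lookup functions are injected so the check can run offline against a small constructed name table (the `FAKE_PTR` and `FAKE_A` tables and the `paranoid_check` name are assumptions made for the example); `system_reverse` and `system_forward` show how the same function would be wired to the real resolver.

```python
"""Forward-confirmed reverse DNS, the check tcpd performs under PARANOID.

Added example for the thread above; not the posters' code and not the
tcp_wrappers implementation. The resolver is passed in as two callables so
the logic can be exercised offline against a constructed table.
"""
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed stand-in for DNS (assumption for the example, not real records).
# 192.0.2.0/24 and 198.51.100.0/24 are documentation prefixes.
FAKE_PTR: Dict[str, str] = {
    "192.0.2.10": "good.example.net",    # PTR and A records agree
    "192.0.2.20": "spoof.example.net",   # PTR names a host whose A record points elsewhere
    "192.0.2.30": "multi.example.net",   # host with several A records, one of them matching
}
FAKE_A: Dict[str, List[str]] = {
    "good.example.net": ["192.0.2.10"],
    "spoof.example.net": ["198.51.100.5"],
    "multi.example.net": ["192.0.2.31", "192.0.2.30"],
}


def fake_reverse(ip: str) -> Optional[str]:
    """PTR lookup against the constructed table."""
    return FAKE_PTR.get(ip)


def fake_forward(name: str) -> List[str]:
    """A-record lookup against the constructed table."""
    return FAKE_A.get(name, [])


def system_reverse(ip: str) -> Optional[str]:
    """PTR lookup using the system resolver (needs network; not used by the test)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


def system_forward(name: str) -> List[str]:
    """A-record lookup using the system resolver (needs network; not used by the test)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror, OSError):
        return []


def paranoid_check(
    ip: str,
    reverse: Callable[[str], Optional[str]] = system_reverse,
    forward: Callable[[str], List[str]] = system_forward,
) -> Tuple[bool, str]:
    """Return (ok, detail). ok is True only when the PTR name for `ip`
    resolves forward to a set of addresses that contains `ip` again.

    A client with no PTR record, or whose PTR names a host that does not
    resolve back to the connecting address, fails the check; that is the
    mismatch tcpd's PARANOID setting rejects.
    """
    name = reverse(ip)
    if name is None:
        return False, "no PTR record for %s" % ip
    addrs = forward(name)
    if ip not in addrs:
        return False, "PTR for %s is %s, but %s resolves to %s" % (
            ip, name, name, addrs or "nothing")
    return True, name


def decide(ip: str, reverse=fake_reverse, forward=fake_forward) -> str:
    """Map the check onto an allow/deny decision, as a wrapper would."""
    ok, detail = paranoid_check(ip, reverse, forward)
    return "ALLOW %s (%s)" % (ip, detail) if ok else "DENY %s: %s" % (ip, detail)


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "203.0.113.1"):
        print(decide(client))
```

Note that the check only proves the two DNS records are consistent with each other; whoever controls the reverse zone for the client's address block can make them agree, so this is a sanity check against sloppy spoofing, not authentication of the peer.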
