Antony Stone <[EMAIL PROTECTED]> wrote:
> On Wednesday 12 June 2002 5:33 pm, Nathan Cassano wrote:
> 
>> Well you learn something new every day. Today I learned inetd does ident
>> checks on its clients.
> 
> Yes, it's called tcpwrappers, and has been pretty standard on systems for I'd 
> say about four years now :-)

That might not be true. Actually it depends on how the tcpwrappers are
compiled. AFAIK the tcpwrappers are compiled with ident lookup by
default but these are only done when you have a line like:

in.ftpd: [EMAIL PROTECTED]

in your hosts.access file. So in general the tcpwrappers do not do ident
lookups.

>> This is annoying, is there a way you can turn
>> this off inside inetd?
> 
> Yes, it's the bit on each line of /etc/inetd.conf which says "/usr/sbin/tcpd" 
> - it does an ident lookup and logs the access to syslog before handing the 
> connection over to the real daemon.
> 
> If you don't want this to happen then remove the "/usr/sbin/tcpd" from 
> inetd.conf and just have the standard daemon listed there on its own.

This is very bad advice as the tcpwrappers are a standard security
tool which shouldn't be disabled!
And it won't help in cases of telnet and ftp as they do their ident lookups
themselves!

The only way to go is to use iptables to reject those lookups.

Cheers,
Juri

-- 
Juri Haberland  <[EMAIL PROTECTED]> 
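
The rule-driven behaviour described in the reply above can be audited directly. This is an added example, not part of the original message: it scans text in hosts.allow / hosts.deny syntax for client patterns of the form user@host, the kind of rule that makes tcpd issue an ident query. It assumes a tcpwrappers build with the default rule-driven username lookups; the sample rules, hostnames and addresses are constructed.

```python
import re

# Constructed sample in hosts.allow / hosts.deny syntax (not from the original post).
SAMPLE = """\
# comment line
in.ftpd: alice@.example.com, 192.0.2.
in.telnetd@192.0.2.10: 198.51.100.0/255.255.255.0
sshd: @trusted_hosts, \\
      KNOWN@unknown.example.net
ALL: ALL EXCEPT root@198.51.100.7
"""

def logical_lines(text):
    """Yield (line_no, rule) with backslash continuations joined and comments dropped."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        rule = (buf + raw).strip()
        buf, first, start = "", start, None
        if rule and not rule.startswith("#"):
            yield first, rule

def ident_rules(text):
    """Return [(line_no, daemon_list, [user@host patterns])] for rules that need a username."""
    hits = []
    for no, rule in logical_lines(text):
        fields = rule.split(":", 2)
        if len(fields) < 2:
            continue  # malformed rule: no client list
        daemons, clients = fields[0].strip(), fields[1]
        tokens = [t for t in re.split(r"[\s,]+", clients) if t and t != "EXCEPT"]
        # user@host has a non-empty user part; "@name" is an NIS netgroup, not ident.
        # daemon@host in the daemon list selects a local address and is ignored here.
        users = [t for t in tokens if "@" in t and not t.startswith("@")]
        if users:
            hits.append((no, daemons, users))
    return hits

if __name__ == "__main__":
    for no, daemons, users in ident_rules(SAMPLE):
        print(f"line {no}: {daemons} -> ident lookup for {', '.join(users)}")
```

Services that perform their own ident lookups, as the reply notes for telnet and ftp, are outside what this check can see.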

