On Fri, Oct 01, 1999, David Harris <[EMAIL PROTECTED]> wrote:
>
> Bruce Guenter [mailto:[EMAIL PROTECTED]] wrote:
> > And what happens when somebody tries to actively attack your system?
> > With these limits, I expect that a remote user could make your system
> > run out of FDs in a few minutes, not to mention memory. With a limit of
> > 10000, I could probably open up a thousand or so connections a minute
> > without triggering any of inetd's limits, and leave them open.
> >
> > inetd protects against one thing: rapid attacks. It does not offer any
> > protection against total amount of resources used (in the form of number
> > of connections). I have never run into a situation where rate
> > protection is needed, and have only rarely heard of such situations.
> > However, resource starvation is common.
>
> I use tcpserver for qmail - that only makes sense to me because of the load
> issues.
>
> But about the other services? I'd perhaps like to use tcpserver for them too..
> and I've heard that others have had success with this. But I don't like the
> idea of a whole bunch of programs all configured with command line directives
> running in the background just for these rarely used services.
>
> Why doesn't somebody patch tcpserver so that one daemon can handle multiple
> services and read the configuration all out of one file? That would be really
> neat, IMO.
>
> Also, when you tcpserver devotees start railing about how the system can be
> attacked with inetd, it rings hollow to me because an attacker could use any
> service to attack, right? So if I have inetd in my system I'm vulnerable
> whether I used it for qmail or not. Wouldn't it be cooler if you could show the
> user how to easily replace inetd with tcpserver altogether?

Umm, you mostly reinvented inetd. Why not add the features you want to
inetd instead of reimplementing inetd in tcpserver?

Seriously, there are reasons for using either program. The point I'm
trying to make is, for 90% of the people out there, inetd is good
enough.

inetd works fine for spawning qmail-smtpd.

JE
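
Added example, not part of the original thread: a minimal listener that enforces the kind of limit the quoted message says inetd lacks, a cap on simultaneous connections rather than on arrival rate. The class and function names, the cap of 3, and the idle loopback clients are constructed for illustration and are not taken from inetd or tcpserver.

```python
import asyncio

class CappedListener:
    """Bound the number of simultaneous connections, not the arrival rate."""

    def __init__(self, max_concurrent):
        self.max_concurrent = max_concurrent
        self.active = 0    # connections currently being served
        self.peak = 0      # highest value 'active' ever reached
        self.refused = 0   # connections closed because the cap was hit

    async def handle(self, reader, writer):
        # No await between the check and the increment, so the cap cannot
        # be overshot by handlers interleaving on the event loop.
        if self.active >= self.max_concurrent:
            self.refused += 1
            writer.close()
            return
        self.active += 1
        self.peak = max(self.peak, self.active)
        try:
            await reader.read()   # hold the slot until the client closes
        finally:
            self.active -= 1
            writer.close()

async def _demo(cap, clients):
    listener = CappedListener(cap)
    server = await asyncio.start_server(listener.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    # Constructed load: clients that connect and then sit idle, holding a slot.
    conns = [await asyncio.open_connection("127.0.0.1", port)
             for _ in range(clients)]
    await asyncio.sleep(0.2)      # let every handler run
    result = (listener.peak, listener.refused, listener.active)
    for _, w in conns:
        w.close()
    server.close()
    await asyncio.sleep(0.1)      # let handlers observe EOF and finish
    return result

def run_demo(cap, clients):
    """Return (peak active, refused, still active) for idle clients."""
    return asyncio.run(_demo(cap, clients))

if __name__ == "__main__":
    print(run_demo(3, 10))
```

However slowly or quickly the idle clients arrive, the number of descriptors tied up by this service stays at the cap, which a pure rate limit cannot guarantee.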