-------- Original Message --------
> Date: Fri, 08 Jan 2010 14:57:12 +0100
> From: Klaus Schmidinger <klaus.schmidin...@tvdr.de>
> To: VDR Mailing List <firstname.lastname@example.org>
> Subject: Re: [vdr] [Patch] Allow to limit SVDRP port to given IP
> What about svdrphosts.conf?
It just denies someone access. The port is still available, accessible and,
in the worst case, also attackable. IIRC it is even required to accept the
connection first, to find out the IP of the computer which tries to access,
and then to drop the connection in a second step. IMHO the better way, from the
security standpoint, is to get the port closed, so a potential attacker isn't
able to get to it at all. Most other daemons which open ports allow such
configuration, like cups, apache and others.

svdrphosts.conf, of course, is still needed for fine-configuration of allowed
hosts (other daemons also have this), but limiting the port to localhost would
be the better alternative to just disabling svdrp by setting the port to zero,
as currently recommended in the INSTALL file. If someone wants to configure his
system to have a minimum of ports opened to the outside world (like me), then
*disabling* svdrp is never a good solution, as this breaks scripts and other

The only thing I'm unsure about is whether we really need to specify an IP. A
simple switch like "--svdrp-localhost" (or similar) would also do the job. But
my first solution has the advantage that there is no additional switch needed.
() ascii ribbon campaign - against html mail
/\
answers as html mail will be deleted automatically!
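The difference the message above describes, between filtering hosts after accepting a connection and binding the listener to a single address, shown as an added example (this is not VDR code and not the patch under discussion). The function names are hypothetical, and port 0 is used so the kernel picks a free port.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on bind_ip only; "0.0.0.0" means every interface. Returns fd or -1. */
int open_listener(const char *bind_ip, unsigned short port) {
    struct sockaddr_in a;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (inet_pton(AF_INET, bind_ip, &a.sin_addr) != 1 ||
        bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 5) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Write the address the socket is really bound to; returns the port or -1. */
int bound_address(int s, char *out, socklen_t len) {
    struct sockaddr_in a;
    socklen_t n = sizeof a;
    if (getsockname(s, (struct sockaddr *)&a, &n) < 0) return -1;
    return inet_ntop(AF_INET, &a.sin_addr, out, len) ? ntohs(a.sin_port) : -1;
}

/* Allow-list style check: the peer is only known once accept() has completed
   the connection. Returns 1 if the peer matches, 0 if it would be dropped. */
int accept_then_filter(int s, const char *allowed_ip) {
    struct sockaddr_in peer;
    socklen_t n = sizeof peer;
    char ip[INET_ADDRSTRLEN] = "";
    int c = accept(s, (struct sockaddr *)&peer, &n);
    if (c < 0) return -1;
    inet_ntop(AF_INET, &peer.sin_addr, ip, sizeof ip);
    close(c); /* example only: a server would keep an allowed peer open */
    return strcmp(ip, allowed_ip) == 0;
}

int main(void) {
    char ip[INET_ADDRSTRLEN];
    int s = open_listener("127.0.0.1", 0); /* loopback only */
    if (s < 0 || bound_address(s, ip, sizeof ip) < 0) return 1;
    printf("listener bound to %s only\n", ip);
    return close(s);
}
```

With the listener bound to 127.0.0.1, the kernel refuses connections arriving on other interfaces before the daemon sees them, while the `0.0.0.0` listener has to accept each connection and rely on the filter.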