From owner-freebsd-security Thu Mar 25 12:40:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from trolldom.oss.uswest.net (trolldom.oss.uswest.net [204.147.86.29]) by hub.freebsd.org (Postfix) with SMTP id 951BF15371 for ; Thu, 25 Mar 1999 12:40:35 -0800 (PST) (envelope-from marker@trolldom.oss.uswest.net)
Received: (qmail 14433 invoked from network); 25 Mar 1999 20:40:13 -0000
Received: from localhost.uswest.net (HELO trolldom.oss.uswest.net) (127.0.0.1) by localhost.uswest.net with SMTP; 25 Mar 1999 20:40:13 -0000
To: freebsd-security@freebsd.org
Reply-To: marker@uswest.net
Subject: Re: xinetd vs. tcp_wrappers
In-reply-to: Your message of "Thu, 25 Mar 1999 15:02:19 EST." <4.1.19990325145000.00b63100@mason.gmu.edu>
Date: Thu, 25 Mar 1999 14:40:13 -0600
From: Jeff Marker
Message-Id: <19990325204041.951BF15371@hub.freebsd.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 25 Mar 1999 15:02:19 -0500 egault@gmu.edu wrote:

>I found plenty of information on tcp_wrappers and one Web site with
>information on xinetd (http://xinetd.synack.net) but what I couldn't
>find (and what I'm most interested in) was opinions from
>knowledgeable folks about what the "best" way to replace or deal with
>inetd is. Anybody have strong feelings about this?

I'm sure that a lot of people have strong feelings about it. :) I don't, really. Will that invalidate my response?

>I sense tcp_wrappers is in widespread use but I couldn't get a feel
>for how widespread use of xinetd is. What do most security savvy
>system administrators use?

I'd have to guess that "most" use tcp_wrappers, because it's been around for a good while. I use both, but not together (there's a patch to xinetd that allows tcp_wrappers to be used, but i've not installed it.)

My understanding is that xinetd is meant to be a complete replacement for the inetd/tcp_wrappers bundle. As such, it is expected to have the functionality of both.
I have, however, been unable to get xinetd to 1) send me mail when someone touches my machines in a way i've not said is ok, 2) do the "twisting" of the connection to a different service/host. However, i've not spent a whole lot of time at it, either.

Xinetd is nice because it can limit the number of instances of a specific service.

I think that i favor tcp_wrappers a little, but not enough to take sides in a holy war, or even enough to really press for it.

Hope i've made some sense.

Jeff

#include /* i speak for myself, not my company */
--
Jeff Marker          US West Internet Services Operations
Former UNIX Guy      600 Stinson Blvd.
marker@uswest.net    Minneapolis, MN 55413-2620
"I claim only to be accurate, not right."

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message