hosts.allow
Janina Sajka
janina at afb.net
Sat Jan 5 18:48:26 EST 2002
I think hosts.allow/deny is ssh-specific. FTP is managed elsewhere.
But, I would simply not listen on the ports that you don't want to accept
on. If you don't permit a service, don't turn it on. There's even a way to
not respond to probes (which I don't know how to tell you about). The idea
is that if someone probes you and you answer saying "I don't accept that,"
the transaction goes quickly and the prober knows there's a machine behind
that address. This encourages them to probe more. If, on the other hand,
you don't answer at all, it takes a long time for the connection attempt
to time out, and the prober is never sure whether there's no machine
behind that address/port, or what.
Look at http://www.bastille-linux.org to learn more about such things.
But be careful applying the scripts, mainly because you might shut down
more than you know, and it's always better to actually know how something
is done than to have a script just do it for you.
On Sat, 5 Jan 2002, Gregory Nowak wrote:
> Ok, but what if ssh is the only service I want to have wide open and the rest closed?
> Yes, I know my firewall could take care of that, but I want additional security.
> Greg
>
>
> On Sat, Jan 05, 2002 at 05:42:31PM -0500, Janina Sajka wrote:
> > If you want your door wide open, just delete (or rename) /etc/hosts.deny.
> > Bingo, everyone gets in from anywhere--provided they have ssh and
> > accounts, of course.
> > On Sat, 5 Jan 2002, Gregory Nowak wrote:
> >
> > > Hi all,
> > >
> > > I've tried typing "man hosts.allow", but no luck, so I have to ask.
> > > As Janina mentioned in reply to one of my posts, I'm currently blocking all connections with
> > > "ALL: all".
> > > However, I want to let ssh in from any ip address. How do I do this?
> > > I've tried "ssh: all", but no luck.
> > > Greg
> > >
> > >
> > > _______________________________________________
> > > Speakup mailing list
> > > Speakup at braille.uwo.ca
> > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > >
> >
> > --
> >
> > Janina Sajka, Director
> > Technology Research and Development
> > Governmental Relations Group
> > American Foundation for the Blind (AFB)
> >
> > Email: janina at afb.net Phone: (202) 408-8175
> >
> > Chair, Accessibility SIG
> > Open Electronic Book Forum (OEBF)
> > http://www.openebook.org
> >
--
Janina Sajka, Director
Technology Research and Development
Governmental Relations Group
American Foundation for the Blind (AFB)
Email: janina at afb.net Phone: (202) 408-8175
Chair, Accessibility SIG
Open Electronic Book Forum (OEBF)
http://www.openebook.org
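
Added example, not part of the original messages: a simplified Python model of the hosts_access(5) lookup order, showing that a rule whose daemon field is `ssh` does not match a server process named `sshd`, while `sshd: ALL` does and leaves other wrapped services denied. It assumes the SSH server runs as `sshd` with TCP wrappers support; the function names, the sample file contents other than the thread's own rules, and the client address are constructed for illustration.

```python
"""Simplified model of hosts_access(5) matching; an added example."""

def _tokens(field):
    # Daemon and client lists are separated by blanks and/or commas.
    return field.replace(",", " ").split()

def _match(pattern, value):
    p, v = pattern.lower(), value.lower()
    if p == "all":                 # wildcard
        return True
    if p.startswith("."):          # host name suffix, e.g. .example.org
        return v.endswith(p)
    if p.endswith("."):            # address prefix, e.g. 192.0.2.
        return v.startswith(p)
    return p == v                  # exact daemon name, host name or address

def _rules(text):
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        yield _tokens(daemons), _tokens(clients)

def _listed(text, daemon, client):
    return any(
        any(_match(d, daemon) for d in ds) and any(_match(c, client) for c in cs)
        for ds, cs in _rules(text)
    )

def allowed(hosts_allow, hosts_deny, daemon, client):
    """Lookup order: hosts.allow match grants, hosts.deny match denies, else grant."""
    if _listed(hosts_allow, daemon, client):
        return True
    return not _listed(hosts_deny, daemon, client)

# Constructed sample files and client address (203.0.113.0/24 is documentation space).
DENY_ALL = "ALL: ALL\n"
ALLOW_TRIED = "ssh: all\n"        # the rule from the thread
ALLOW_BY_DAEMON = "sshd: ALL\n"   # assumes the server process is named sshd
CLIENT = "203.0.113.7"

if __name__ == "__main__":
    for name, allow in (("ssh: all", ALLOW_TRIED), ("sshd: ALL", ALLOW_BY_DAEMON)):
        for daemon in ("sshd", "in.ftpd"):
            verdict = "allow" if allowed(allow, DENY_ALL, daemon, CLIENT) else "deny"
            print(f"hosts.allow '{name}': {daemon} from {CLIENT} -> {verdict}")
```

The model covers only the `ALL` wildcard, prefix, suffix and exact patterns; operators such as `EXCEPT` and the optional shell-command field are left out.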