[NTLUG:Discuss] Killing Bad People
m m
llliiilll at hotmail.com
Wed Feb 6 22:21:11 CST 2002
>From: Bug Hunter <bughuntr at one.ctelcom.net>
>
> Well, we do run the latest version of sshd. And we put it on a
>non-standard port, up there. You can then open sshd up in hosts.allow
>
>sshd: ALL
>
> so that it is accessible from anywhere.
>
> Note the order of the search for tcp_wrappers (and sshd) is
>
>hosts.allow, hosts.deny
>
> If the host is in hosts.allow, then allow. Otherwise, check hosts.deny
>and see if it is not allowed. If it is NOT REFUSED in hosts.deny, then
>let the service work.

This seems a little strange to me.
What are the final results of each condition?
Use IP 1.2.3.4 for example.
a) 1.2.3.4 in hosts.allow, in hosts.deny
b) 1.2.3.4 not in hosts.allow, in hosts.deny
c) 1.2.3.4 in hosts.allow, not in hosts.deny
d) 1.2.3.4 not in hosts.allow, not in hosts.deny
According to Bug, a) not allowed, b) not allowed, c) allowed, d)?
On d), I guess the result is deny. If this is the case,
it seems that hosts.deny is only useful to _deny_ hosts.allow.
>
>bug
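
The lookup order described in the quoted message, applied to the four cases for 1.2.3.4, as an added example that is not part of the original thread. It is a simplified model of the order documented in hosts_access(5) (hosts.allow first, then hosts.deny, otherwise grant); the function names are hypothetical and the file contents are constructed samples.

```python
# Added example: simplified model of the tcp_wrappers access decision.
# Supports only daemon lists, ALL, exact addresses and "1.2.3." prefixes;
# EXCEPT, netmasks, hostnames and shell options are not modelled.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix, e.g. "1.2.3."
        return addr.startswith(pattern)
    return pattern == addr

def matches(rules, daemon, addr):
    """True if any rule names this daemon (or ALL) and this client."""
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(_client_matches(p, addr) for p in clients)
        for daemons, clients in rules
    )

def decide(allow_text, deny_text, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny, else access is granted."""
    if matches(parse_rules(allow_text), daemon, addr):
        return "allow"
    if matches(parse_rules(deny_text), daemon, addr):
        return "deny"
    return "allow"

def four_cases(daemon="sshd", addr="1.2.3.4"):
    entry = f"{daemon}: {addr}\n"      # constructed sample entry
    return {
        "a": decide(entry, entry, daemon, addr),   # in allow, in deny
        "b": decide("", entry, daemon, addr),      # not in allow, in deny
        "c": decide(entry, "", daemon, addr),      # in allow, not in deny
        "d": decide("", "", daemon, addr),         # in neither file
    }

if __name__ == "__main__":
    for case, result in four_cases().items():
        print(case, result)
```

Because a client matched by neither file is granted access, a default-deny setup puts `ALL: ALL` in hosts.deny and lists the permitted services, such as the `sshd: ALL` entry above, in hosts.allow.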