[NTLUG:Discuss] Killing Bad People

m m llliiilll at hotmail.com
Wed Feb 6 23:03:19 CST 2002 


>From: Bug Hunter <bughuntr at one.ctelcom.net>

>
>   OOPS! I did not read your comment closely enough before sending the
>last message.   Some scenarios:
>
>   1.2.3.4 in hosts.allow, hosts.deny  :  ALLOWED (hosts.allowed checked
>first)
this one confused me, if an ip in both hosts.allow and hosts.deny, the 
result is ALLOWED?

>
>   1.2.3.4 in hosts.deny, not in hosts.allow : DENIED
>

>   1.2.3.4 in hosts.allow, not in hosts.deny : ALLOWED
>   1.2.3.4 in not in hosts.allow, not in hosts.deny : ALLOWED

>
>   1.2.3.4 not in hosts.allow, ALL:ALL in hosts.deny  : DENIED
>
>   The search order is hard to read the way I wrote it.
>
>bug
>
>
>On Wed, 6 Feb 2002, m m wrote:
>
> > >From: Bug Hunter <bughuntr at one.ctelcom.net>
> > >
> > >   Well, we do run the latest version of sshd.  And we put it on a
> > >non-standard port, up there.  You can then open sshd up in hosts.allow
> > >
> > >sshd: ALL
> > >
> > >   so that it is accessible from anywhere.
> > >
> > >   Note the order of the search for tcp_wrappers (and sshd) is
> > >
> > >hosts.allow, hosts.deny
> > >
> > >   if the host is in hosts.allow, then allow. otherwise, check 
>hosts.deny
> > >and see if it is not allowed.  If it is NOT REFUSED in hosts.deny, then
> > >let the service work.
> > This seems a little strange to me.
> > what is the final results of each condition?
> > use ip 1.2.3.4 for example.
> >
> > a) 1.2.3.4 in hosts.allow, in hosts.deny
> > b) 1.2.3.4 not in hosts.allow, in hosts.deny
> > c) 1.2.3.4 in hosts.allow, not in hosts.deny
> > d) 1.2.3.4 not hosts.allow, not hosts.deny
> >
> > according to Bug, a) not allowed, b) not allowed, c) allowed, d)?
> >
> > on d), I guess the result is deny, if this is the case
> > it seems that hosts.deny is only useful to _deny_ hosts.allow.
> >
> >
> >
> > >
> > >bug
> >
> >
> > _________________________________________________________________
> > Send and receive Hotmail on your mobile device: http://mobile.msn.com
> >
> >
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
>
>
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss




_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

More information about the Discuss mailing list