Re: Secure Servers (SMTP, POP3, FTP)

From: turbo23 (turbo23@gmx.net)
Date: 02/13/01


Date: Tue, 13 Feb 2001 15:07:00 +0100
To: Neil Blakey-Milner <nbm@mithrandr.moria.org>
From: turbo23 <turbo23@gmx.net>


> > >or maybe you like to run ftpd with tcp-server, from mr. djb.
> > >small, fast and easy to configure.
> >
> > You can also run ftpd with xinetd. It can also handle maximum number of
> > connections. IMHO it isn't as fast as Bernstein's tcp-server but it's more
> > secure than inetd.
>
>I'm not aware of any security issues in FreeBSD's inetd that involve it
>running an external (ie, exec) service. Care for pointers?
>
>19 June 2000, xinetd had the following bug:
>
> Certain versions of xinetd have a bug in the access control
> mechanism. If you use a hostname to control access to a service
> (localhost instead of 127.0.0.1 ), xinetd will allow any connection
> from hosts that fail a reverse look-up.
>
>Perhaps you mean inetd's on other systems (like those that don't have
>connection limits, and those that turn services off for 10 minutes
>without configurability on the amount of time turned off)?

You're right. But we had troubles with some inetd and Linux machines. I
thought this could be a problem with FreeBSD too. But I was wrong. Anyway,
we are using tcpserver at the moment.

regards
Thomas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
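
The access-control failure described in the quoted xinetd advisory, as an added example that is not part of the original message and is not xinetd's code: a model of a hostname ACL that lets a failed reverse lookup through, next to a version that fails closed. It goes one step beyond the advisory by also forward-confirming the resolved name; the resolver tables, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed resolver data (documentation ranges, RFC 5737); not real hosts.
PTR = {"127.0.0.1": "localhost", "192.0.2.10": "trusted.example.org",
       "203.0.113.9": "trusted.example.org"}   # PTR that does not forward-confirm
FWD = {"localhost": {"127.0.0.1"}, "trusted.example.org": {"192.0.2.10"}}


def is_ip(entry):
    """True when an ACL entry is an address literal rather than a hostname."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False


def allowed_fail_open(addr, acl):
    """Model of the reported behaviour: a failed reverse lookup is allowed."""
    name = PTR.get(addr)                     # None means the lookup failed
    for entry in acl:
        if is_ip(entry):
            if ipaddress.ip_address(entry) == ipaddress.ip_address(addr):
                return True
        elif name is None or name == entry.lower():
            return True                      # flaw: "no name" counts as a match
    return False


def allowed_fail_closed(addr, acl):
    """Hardened check: lookup failure denies, and names are forward-confirmed."""
    client = ipaddress.ip_address(addr)
    name = PTR.get(addr)
    for entry in acl:
        if is_ip(entry):
            if ipaddress.ip_address(entry) == client:
                return True
        elif name is not None and name == entry.lower():
            # Accept the PTR name only if it resolves back to the client address.
            if addr in FWD.get(name, set()):
                return True
    return False


ACL_BY_NAME = ["localhost"]       # hostname entry, as in the advisory
ACL_BY_ADDR = ["127.0.0.1"]       # address entry, no DNS involved
UNRESOLVABLE = "198.51.100.7"     # constructed client with no PTR record
```

An address-literal entry never consults DNS, which is why the advisory contrasts `localhost` with `127.0.0.1`.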


