Re: host.deny not working



On Tue, 06 Dec 2005 09:08:10 -0800, dscott5912 wrote:

> Yes. I'm sure.

Maybe look in: /usr/share/doc/tcp_wrappers-7.6/README.NIS for some
"gethostbyname" and "gethostbyaddr" that check this anyways ...

Besides, have you tried:

/usr/sbin/tcpdchk -v
/usr/sbin/tcpdmatch sshd user1@xxxxxxxxxxxxxxxxx

Another thing I would do is this: edit the /etc/hosts.* line like:

sshd: KNOWN@.somenetwork.lan

Which should accept (or deny) any host on "somenetwork" that has an identd
running, then look at network traffic while connecting, with tethereal or:

tcpdump -X -i eth0 -s 1500

HTH.
(Probably not, but whatever.)

--
-Menno.
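
An added example, not part of the original post: a simplified Python model of hosts_access(5) matching, showing when the `sshd: KNOWN@.somenetwork.lan` rule above does and does not match. It goes beyond the post by also modelling the lookup order (hosts.allow first, then hosts.deny, grant if nothing matches); the function names and the sample clients are constructed for illustration.

```python
# Simplified model of hosts_access(5): only ALL, KNOWN, UNKNOWN, ".domain"
# suffix and exact-name patterns; no netmasks, EXCEPT, options or IPv6.
# A host or user of None stands for a failed DNS or ident lookup.

def _wild(pattern, value):
    """Handle the wildcards; return None if pattern is not a wildcard."""
    if pattern == "ALL":
        return True
    if pattern in ("KNOWN", "UNKNOWN"):
        return (value is not None) == (pattern == "KNOWN")
    return None

def host_matches(pattern, host):
    wild = _wild(pattern, host)
    if wild is not None:
        return wild
    if host is None:
        return False
    if pattern.startswith("."):            # suffix match on the domain
        return host.lower().endswith(pattern.lower())
    return host.lower() == pattern.lower()

def user_matches(pattern, user):
    wild = _wild(pattern, user)
    return wild if wild is not None else user == pattern

def rule_matches(line, daemon, user, host):
    daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
    if daemon not in daemons and "ALL" not in daemons:
        return False
    for client in clients:
        upat, at, hpat = client.rpartition("@")
        if at and user_matches(upat, user) and host_matches(hpat, host):
            return True
        if not at and host_matches(client, host):
            return True
    return False

def access(allow, deny, daemon, user, host):
    """hosts.allow is searched first, then hosts.deny; no match grants."""
    if any(rule_matches(r, daemon, user, host) for r in allow):
        return "granted"
    if any(rule_matches(r, daemon, user, host) for r in deny):
        return "denied"
    return "granted"

DENY = ["sshd: KNOWN@.somenetwork.lan"]    # the rule from the post

if __name__ == "__main__":
    # Constructed clients: (ident user, resolved host name)
    for user, host in [("user1", "pc1.somenetwork.lan"),
                       (None, "pc1.somenetwork.lan"), ("user1", None)]:
        print(user, host, access([], DENY, "sshd", user, host))
```

A client without identd, or one whose address does not resolve to a name under .somenetwork.lan, falls through to the default grant, which is one way a hosts.deny rule of this form can appear not to work.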
