linux-l: Firewall question

Robin S. Socha robin at socha.net
Sat Dec 25 20:22:33 CET 1999


* Carsten A Friebel <carsten_friebel at gmx.net> writes:
> What functionality does portsentry cover?

,----
| PortSentry is part of the Abacus Project suite of security tools.
| It is a program designed to detect and respond to port scans against
| a target host in real-time. There are other port scan detectors that
| perform similar detection of scans, but PortSentry has some unique
| features that may make it worth looking into.
| 
| WWW: http://www.psionic.com/abacus/portsentry/
`----

I find the following much more interesting, though (sorry for the
lengthy c&p, but...)

,----
| Xinetd is a replacement for inetd, the internet services daemon.
| 
| Xinetd is not just an inetd replacement. Anybody can use it to
| start servers that don't require privileged ports because xinetd
| does not require that the services in its configuration file be
| listed in /etc/services.
| 
| Its configuration file has a different format from inetd's,
| and it understands different signals. However, the signal-to-action
| assignment can be changed.
| 
| It is a lot better than inetd. Here are the reasons:
| 
| 1) It can do access control on all services based on:
|    a. address of remote host
|    b. time of access
| 
| 2) Access control works on all services, whether multi-threaded or
|    single-threaded and for both the TCP and UDP protocols.  All UDP
|    packets can be checked as well as all TCP connections.
| 
| 3) It provides hard reconfiguration:
|    a. kills servers for services that are no longer in the
|       configuration file 
|    b. kills servers that no longer meet the access control criteria
| 
| 4) It can prevent denial-of-access attacks by
|    a. placing limits on the number of servers for each service (avoids
|       process table overflows)
|    b. placing an upper bound on the number of processes it will fork
|    c. placing limits on the size of log files it creates
| 
| 5) Extensive logging abilities:
|    a. for every server started it can log:
|       i) the time when the server was started
|       ii) the remote host address
|       iii) who was the remote user (if the other end runs a
|            RFC-931/RFC-1413 server)
|       iv) how long the server was running
|       (i, ii and iii can be logged for failed attempts too).
|    b. for some services, if the access control fails, it can
|       log information about the attempted access (for example,
|       it can log the user name and command for the rsh service)
| 
| 6) No limit on number of server arguments
`----
-- 
Robin S. Socha <http://socha.net/>
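The quoted feature list maps onto a handful of xinetd.conf attributes. The fragment below is an added example and not part of the original message or of the xinetd distribution; the addresses, the log path, the service paths and the time window are assumed values for illustration. It shows a defaults block that caps the number of servers and the log file size (points 4a and 4c in the list), and a telnet service restricted by remote address and time of access (points 1a and 1b), with logging of the remote RFC 1413 user on both success and failure (point 5a iii):

```conf
# Added example xinetd.conf fragment (not from the original post).
# Comments start with '#'; attributes use '=' (set) or '+=' (append).

defaults
{
    # 4c: FILE log type takes optional soft and hard size limits (bytes);
    # xinetd logs a warning at the soft limit and stops logging at the hard limit.
    log_type        = FILE /var/log/xinetd.log 8388608 10485760

    # 5a: what to record for every started server / every rejected attempt.
    # HOST = remote address, PID = server pid, DURATION = how long it ran,
    # USERID = remote user via RFC 931/1413 ident, ATTEMPT = log the failed try.
    log_on_success  = HOST PID DURATION
    log_on_failure  = HOST ATTEMPT

    # 4a: at most 30 concurrent servers per service, so a flood of
    # connections cannot fill the process table.
    instances       = 30

    # Deny everything by default; services opt in with their own only_from.
    # (An empty only_from in defaults means "no remote host is allowed".)
    only_from       =
}

# 1a/1b: address- and time-based access control on a single service.
service telnet
{
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd        # assumed path

    # only_from accepts dotted addresses with trailing-zero wildcards
    # (192.168.1.0 = the 192.168.1.x subnet) and, in newer releases,
    # address/prefix notation; no_access wins over only_from on a tie
    # only when it is the more specific match.
    only_from       = 192.168.1.0 127.0.0.1
    no_access       = 192.168.1.13

    # Connections outside this window are refused and logged (ATTEMPT above).
    access_times    = 08:00-18:00

    # 5a iii: also record the ident-reported remote user for this service.
    log_on_success  += USERID
    log_on_failure  += USERID
}

# 5b: for the rsh service xinetd can log the attempted user name and
# command when access control rejects the connection. Restricting it to
# loopback means every remote attempt shows up in the log with that detail.
service shell
{
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /usr/sbin/in.rshd           # assumed path
    only_from       = 127.0.0.1
    log_on_failure  += USERID
}
```

After editing, send xinetd its reconfiguration signal (SIGUSR2 for a hard reconfiguration in the 2.x series; check `man xinetd` for the version installed) so that servers no longer matching the access criteria are killed, as point 3b describes.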



More information about the linux-l mailing list