Hmmm...
I've compiled tcp wrapper 7.6 with the -DPARANOID and -DALWAYS_HOSTNAME
options... and set hosts.allow to only the local subnet .phy.syr.edu, and
hosts.deny to ALL:ALL
I try and can't get in from my home cable roadrunner, good.
I have someone legitimately coming in from china,
202.116.84.110/denali.zsu.edu.cn (nslookup: can't find 202.116.84.110:
Non-existent host/domain) and it lets him in!--- BAD
ideas? What am I missing?
Here's what options the compile does:
>cc -O -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP
>-DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK -DDAEMON_UMASK=022
>-DREAL_DAEMON_DIR=\"/usr/sbin\" -DPROCESS_OPTIONS -DSEVERITY=LOG_INFO
>-DRFC931_TIMEOUT=10 -DHOSTS_DENY=\"/etc/hosts.deny\"
>-DHOSTS_ALLOW=\"/etc/hosts.allow\" -Dvsyslog=myvsyslog -DALWAYS_HOSTNAME
>-o tcpd tcpd.o libwrap.a
Thanks
------------------------------------------------------------------------
Daniel C. Kirkpatrick, 218 Fergerson Park, N. Syracuse, NY 13212-2323
email: kirkpatrick_at_geocities.com ICQ# 7187320
KIRKPATRICK GENEALOGY WEB PAGE:
http://www.geocities.com/Heartland/6540
------------------------------------------------------------------------
"Next week there can't be any crisis. My schedule is already full."
- Henry Kissinger
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of an
8-bit operating system written for a 4-bit processor by a 2-bit company
who cannot stand 1 bit of competition.
------------------------------------------------------------------------
Received on Sat Jan 22 2000 - 14:47:23 NZDT