Snort mailing list archives
RE: Wrappers
From: "Benjamin W. Ritcey" <ben () ritcey com>
Date: Wed, 7 Nov 2001 11:58:34 -0500
If /etc/hosts.* works w/ sshd, you have wrappers support compiled in ('./configure --with-tcp-wrappers'). strings sshd|grep hosts. will show you it has knowledge /etc/hosts.allow & /etc/hosts.deny compiled in (libwrap.a is a static lib). HTH, -b -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of JPP Sent: Tuesday, November 06, 2001 2:31 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Wrappers Hmmm I do not post too often to these groups - mostly lurk and read and learn. But this I have found to be a false assumption. Using Xinetd set to use hosts.allow and hosts.deny (in particular), I have found on RedHat 7.x systems that using these files to regulate SSH connections works quite well. Adding to hosts.deny: ALL: ALL Will indeed stop SSH connections as well as everything else that uses these wrappers (least for me it does!) I add: SSHD: Some.IP.Range. or.some.ip.address to hosts.allow and I get access once more. I may be far off base here - but it indeed works in my case. Give it a try. May work for you also. And possibly some kind soul can explain why SSH is regulated this way without being added to any conf file ... Regards! JPP FRWS/ePaxSys NetSolutions http://www.frws.com http://www.epaxsys.net Kevin Brown wrote:
Yes, but TCP Wrappers will only protect those services that use it (i.e. telnet, ftp), but services like httpd, ssh and a boatload more do not rely on TCP wrappers will not be protected by you setting hosts.deny to
ALL:ALL.
-----Original Message----- From: snortlst snortlst [mailto:snortlst () hotmail com] Sent: Tuesday, November 06, 2001 11:38 To: james; snort-users () lists sourceforge net Subject: Re: [Snort-users] Wrappers So basically what you're saying is that I can use DENY ALL in wrappers and still be able to successfully run snort,right? ----- Original Message ----- From: "james" <the_saint_james () yahoo com> To: <snort-users () lists sourceforge net> Sent: Tuesday, November 06, 2001 1:30 PM Subject: Re: [Snort-users] WrappersWrappers control services snort sniffs packets off thecard. I use verynarrow wrappers, this does not effect Snort's reporting James Edwards jamesh () cybermesa com At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday Phone support 365 days till 10 pm via the Santa Fe office: 505-988-9200 or Toll Free: 888-988-2700 ----- Original Message ----- From: "snortlst snortlst" <snortlst () hotmail com> To: <snort-users () lists sourceforge net> Sent: Tuesday, November 06, 2001 8:42 AM Subject: [Snort-users] WrappersOn which layer snort inspects incoming traffic? If itinspects it beforetcp/ip (like checkpoint firewall) then can I use tcpwrappers and deny alltraffic in tcp wrappers in order to secure linux machine? thx. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Wrappers snortlst snortlst (Nov 06)
- Re: Wrappers james (Nov 06)
- Re: Wrappers snortlst snortlst (Nov 06)
- Re: Wrappers Chris Green (Nov 06)
- <Possible follow-ups>
- RE: Wrappers Kevin Brown (Nov 06)
- Re: Wrappers JPP (Nov 06)
- Re: Wrappers james (Nov 06)
- Re: Wrappers Skip Carter (Nov 06)
- Re: Wrappers JPP (Nov 06)
- RE: Wrappers Benjamin W. Ritcey (Nov 07)
- Re: Wrappers JPP (Nov 06)
- Re: Wrappers james (Nov 06)
- RE: Wrappers Wells, Kenneth L (Nov 06)
- RE: Wrappers Demetri Mouratis (Nov 06)
- Re: Wrappers snortlst snortlst (Nov 07)
- RE: Wrappers Chris Eidem (Nov 06)