1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
$OpenBSD: BLURB,v 1.1 1997/02/26 06:00:30 downsj Exp $
@(#) BLURB 1.27 97/02/12 02:13:17
With this package you can monitor and filter incoming requests for the
SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
network services.
The package provides tiny daemon wrapper programs that can be installed
without any changes to existing software or to existing configuration
files. The wrappers report the name of the client host and of the
requested service; the wrappers do not exchange information with the
client or server applications, and impose no overhead on the actual
conversation between the client and server applications.
This patch upgrades the tcp wrappers version 7.4 source code to version
7.5. Highlights of this release:
- Support for more UNIX system types.
- Improved protection against IP spoofing attacks with source-routed
TCP connections, by refusing them. This protection is not enabled by
default.
This release does not introduce new features. Do not bother applying
this patch when you built your current tcp wrapper without enabling the
KILL_OPTIONS compiler switch. The patch is not useful for obsolete UNIX
versions that pre-date 4.4BSD, such as SunOS 4. Such systems are unable
to receive source-routed connections and are therefore not vulnerable
to IP spoofing attacks with source-routed TCP connections.
A complete change log is given in the CHANGES document. As always,
problem reports and suggestions for improvement are welcome.
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology,
The Netherlands.
Currently visiting IBM T.J. Watson Research, Hawthorne NY, USA.
|
