Short answer:
It's not possible.
Long answer:
After the research it took me, I'm just too damned lazy to write it up. Just
trust me, can't be done.
Hal
On Feb 24, 2011, at 3:49 AM, Hal Vaughan wrote:
> I'm using a small program that's started by xinetd. The incoming signal to
> it would
On Tue, Nov 07, 2006 at 03:28:29PM +0100, Matus UHLAR - fantomas wrote:
> Hello,
>
> I am trying run different servers on different addresses but the same port.
> I have "generic" pidentd listening on wildcard addresses (0.0.0.0) and want
> different ident server listen on different address (192.1
Hello Jonathan!
On Mon, Nov 17, 2003 at 08:31:47AM +, Jonathan Dowland wrote:
On Mon, Nov 17, 2003 at 07:07:58AM +0100, Florian Ernst wrote:
On Sun, Nov 16, 2003 at 08:46:04PM -0500, Tom Allison wrote:
>I was a little surprised to find that I could not then remove the inetd
>package.
Some ra
On Mon, Nov 17, 2003 at 07:07:58AM +0100, Florian Ernst wrote:
> On Sun, Nov 16, 2003 at 08:46:04PM -0500, Tom Allison wrote:
> >I was a little surprised to find that I could not then remove the inetd
> >package.
>
> Some rather old issue, see
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=68
Hello Tom!
On Sun, Nov 16, 2003 at 08:46:04PM -0500, Tom Allison wrote:
I was playing with xinetd on another distro and decided that I kind of
liked it and wanted to install it onto my debian distro.
Well, I wouldn't like to miss its extended features either.
I was a little surprised to find tha
> I was playing with xinetd on another distro and decided that I kind of
> liked it and wanted to install it onto my debian distro.
>
> I was a little surprised to find that I could not then remove the inetd
> package.
>
> Does this mean that I have both 'super servers' installed at once?
I have
On Fri, Jan 11, 2002 at 03:47:27PM +0100, martin f krafft wrote:
[ martin didn't write this, chris wagner did ]
> > Come on... there are only 4 ip numbers in a /30!!! The only
> > conceivable use for a /30 is as a point-to-point. /29 maybe for cable
> > modem LANs...
/30s are also used when a
also sprach Chris Wagner <[EMAIL PROTECTED]> [2002.01.11.0616 +0100]:
> >okay, why libwrap then?
>
> Once the network is compromised, it makes no difference what's on the box.
> If done properly, the compromised network is indistinguishable from the
> uncompromised network. That box is totally on
At 06:01 AM 1/11/02 +0100, martin f krafft wrote:
>okay, why libwrap then?
Once the network is compromised, it makes no difference what's on the box.
If done properly, the compromised network is indistinguishable from the
uncompromised network. That box is totally on it's own. :)
>/29, although
also sprach Chris Wagner <[EMAIL PROTECTED]> [2002.01.11.0541 +0100]:
> This is sort of the function of canonical names. "Other" names for the IP
> besides the absolute name (or Loopback name in our parlance). But CNAME's
> are deprecated for other reasons. I personally never had any problems us
also sprach Chris Wagner <[EMAIL PROTECTED]> [2002.01.11.0556 +0100]:
> >a bogus IP won't even make it past OSI layer 4 on debian...
> >rp_filter...
>
> There are ways of doing it such that the box has NO WAY of knowing
> that the traffic is spoofed. Granted, that is hard to do. Even
> paranoid
At 04:22 AM 1/11/02 +0100, martin f krafft wrote:
>a bogus IP won't even make it past OSI layer 4 on debian... rp_filter...
There are ways of doing it such that the box has NO WAY of knowing that the
traffic is spoofed. Granted, that is hard to do. Even paranoid lookups can
be overcome. But it'
At 10:01 PM 1/10/02 -0600, Nathan E Norman wrote:
>Congratulations ... you just set up your DNS incorrectly. Every PTR
>entry should resolve to a _unique_ name, and that name should resolve
>to a _unique_ IP. That doesn't mean you can't have additional A
>records doing load balancing.
To give a
also sprach Nathan E Norman <[EMAIL PROTECTED]> [2002.01.11.0501 +0100]:
> Congratulations ... you just set up your DNS incorrectly. Every PTR
> entry should resolve to a _unique_ name, and that name should resolve
> to a _unique_ IP. That doesn't mean you can't have additional A
> records doing
On Fri, Jan 11, 2002 at 01:29:08AM +0100, martin f krafft wrote:
> i think you need to know exactly what this checks to get a clue...
>
> first, the IP is taken and reverse-resolved to a domain name. then the
> domain name is resolved to an IP. if that IP doesn't match, it'll DENY.
>
> now if 1.2
also sprach Chris Wagner <[EMAIL PROTECTED]> [2002.01.11.0205 +0100]:
> Well, the rationale behind this is as you touched on, preventing
> spoofed address attacks. A paranoid lookup essentially verifies that
> the connecting system is a known legit host. In effect you're using
> your DNS system a
Well, the rationale behind this is as you touched on, preventing spoofed
address attacks. A paranoid lookup essentially verifies that the connecting
system is a known legit host. In effect you're using your DNS system as
another level of authentication. Say somebody wants to covertly log on or
a
also sprach Marcin Owsiany <[EMAIL PROTECTED]> [2002.01.11.0058 +0100]:
> > it's not really a security measure anymore, i find. feel free to
> > disagree...
>
> Disabling PARANOID mode only means that you shouldn't trust the logged
> hostnames, because thay may be faked, no?
kinda. it also tries
also sprach Sam Varghese <[EMAIL PROTECTED]> [2002.01.11.0053 +0100]:
> i can only speak from my limited experience. i have found these measures
> to work, therefore i practice them. of course, one would agree to
> disagree.
i don't want to come across as the wannabe-guru, but what exactly do you
On Fri, Jan 11, 2002 at 12:11:13AM +0100, martin f krafft wrote:
> it's not really a security measure anymore, i find. feel free to
> disagree...
Disabling PARANOID mode only means that you shouldn't trust the logged
hostnames, because thay may be faked, no?
Marcin
--
Marcin Owsiany <[EMAIL PROT
On Fri, Jan 11, 2002 at 12:11:13AM +0100, martin f krafft wrote:
> > If a host does not match its IP, your system SHOULD deny it access.
>
> i actually disagree. (a) these days, many run their own DNS even though
> the IP belongs to someone else and is only leased to a "home user". (b)
> you would
also sprach Sam Varghese <[EMAIL PROTECTED]> [2002.01.10.2323 +0100]:
> Why would you want to remove your first line of defence? Do you want the
> whole world to have access to the box in question?
that doesn't mean allowing access to the whole world!
> If a host does not match its IP, your syste
On Thu, Jan 10, 2002 at 03:41:37PM +0100, Davi Leal wrote:
> Is It safe to delete the ALL:PARANOID line in /etc/hosts.deny to avoid the
> below messages in /var/log/syslog?
>
> Jan 22 12:13:46 excalibur xinetd[254]: warning: /etc/hosts.deny, line 15:
> can't verify hostname: gethostbyname(geicamds
On Mon, 2001-11-12 at 11:43, Brian P. Flaherty wrote:
> Michael Heldebrant <[EMAIL PROTECTED]> writes:
>
> > On Sun, 2001-11-11 at 12:16, Brian P. Flaherty wrote:
> > > Hello,
> > >
> > > I am trying to run an rsync server from xinetd. I have a desktop
> > > connected via eth0 to a DSL line and
Michael Heldebrant <[EMAIL PROTECTED]> writes:
> On Sun, 2001-11-11 at 12:16, Brian P. Flaherty wrote:
> > Hello,
> >
> > I am trying to run an rsync server from xinetd. I have a desktop
> > connected via eth0 to a DSL line and eth1 connected to a little hub.
> > My laptop is on the hub too. Wh
On Sun, 2001-11-11 at 12:16, Brian P. Flaherty wrote:
> Hello,
>
> I am trying to run an rsync server from xinetd. I have a desktop
> connected via eth0 to a DSL line and eth1 connected to a little hub.
> My laptop is on the hub too. When I start the rsync server from the
> prompt, I can access
-> Greetings friends. Perhaps someone here can help me. (BTW -- a CC
-> would sure be nice, if you reply. :)
->
-> I am trying to build a short and sweet http redirector using the
-> twist function from hosts_options(5). I did this before, with ftp,
-> and inetd. Trouble is, now I am using a machi
On Dec 05 2000, Sam TH wrote:
[About tcp-server]
> Sadly, that means it is non-free since djb doesn't believe in free
> software.
> :-(
Yes, this is indeed the case. If you can't have free software
in your computers, then that is indeed a pity.
But if you can, then you m
On Tue, Dec 05, 2000 at 01:33:21AM -0500, [EMAIL PROTECTED] wrote:
> try tcpserver is suppose to be very secure replacement for inetd, it
> was written by the same guy who wrote qmail - secure replacement for
> sendmail.
>
Sadly, that means it is non-free since djb doesn't believe in free
softwar
try tcpserver is suppose to be very secure replacement for inetd, it
was written by the same guy who wrote qmail - secure replacement for
sendmail.
On Mon, Dec 04, 2000 at 09:05:17PM -0800, Nate Amsden wrote:
> "S.Salman Ahmed" wrote:
>
> > Finally, the sole reply to my posting. Thanks for the i
"S.Salman Ahmed" wrote:
> Finally, the sole reply to my posting. Thanks for the info. One of these
> days when I reinstall Debian on my FW system, I will use xinetd instead
> of inetd.
curious what do you need (x)inetd for on a firewall? perhaps the only
daemon running on such a system is ssh..wh
-> Is it better to user xinetd vs. regular inetd on a firewall box ?
it's better to use xinetd then inetd at all.
-> Also, why isn't xinetd used in debian by default ?
1. its harder to configure (but more powerful)
2. update-inetd doesn't recognize its format (afaik)
--
Matus "fantomas" Uhlar
* Me <[EMAIL PROTECTED]> [221100 12:12]:
> Debian Users,
>
> I'm trying to be security conscious. I've heard xinetd is the way to
> go when it comes to an internet super-server so I apt-get installed it. Only
> problem is that I can't get it to work with fetchmail.
>
> My xinetd.
* Robin Collins <[EMAIL PROTECTED]> [221100 13:54]:
[snip salutations]
> RAJ> My xinetd.conf only contains one stanza. Here it is:
>
>
> RAJ> service smtp
> RAJ> {
> RAJ> socket_type = stream
> RAJ> protocol= tcp
> RAJ>
On Thu, Sep 28, 2000 at 11:23:44AM +0100, Colin Watson wrote:
> will trillich <[EMAIL PROTECTED]> wrote:
> >i've not deciphered some of these XINETD messages just yet--
> >if you can translate for me, or point me to The Path Of Enlightenment,
> >lemme know:
> >
> >Sep 27 20:37:20 server xinetd[883]
will trillich <[EMAIL PROTECTED]> wrote:
>i've not deciphered some of these XINETD messages just yet--
>if you can translate for me, or point me to The Path Of Enlightenment,
>lemme know:
>
>Sep 27 20:37:20 server xinetd[883]: bind failed (Address already in use
>(errno = 98)). service = telnet
>Se
solved
I have to allow "ident" in hosts.allow because the service is "ident"
-> I run xinetd and I found that compiled-in tcp wrappers don't work...
->
-> hosts.allow:
->
-> identd : ALL : severity daemon.info : allow
-> proftpd : ALL : severity daemon.info : allow
->
-> ALL : ALL : severi
On Mon, Sep 18, 2000 at 08:40:38PM +0200, Matus fantomas Uhlar wrote:
> Hello,
>
> I run xinetd and I found that compiled-in tcp wrappers don't work...
>
> hosts.allow:
>
> identd : ALL : severity daemon.info : allow
> proftpd : ALL : severity daemon.info : allow
>
> ALL : ALL : severity daemo
> No, there are two different things:
> - service_name - tag: service
> - service id - attribute tag: id
Ah! Now I see. Works fine, thanks!
--
\\//
peter - http://www.softwolves.pp.se/
- and God said: nohup make World >& World.log &
On Mon, Sep 27, 1999 at 10:18:23PM +0200, peter karlsson wrote:
> > > I can't specify the service twice (it complains about duplicats),
> > Use `id' tag - different in any service definition
>
> Well, the problem is that the id number is the port from /etc/services, and
> there is only one id per
> > I can't specify the service twice (it complains about duplicats),
> Use `id' tag - different in any service definition
Well, the problem is that the id number is the port from /etc/services, and
there is only one id per port.
> This is socket interface limitation (not only xinetd) you can bi
On Mon, Sep 27, 1999 at 01:32:27AM +0200, peter karlsson wrote:
> Hi!
>
> I'm using xinetd because it can bind services to certain network interfaces.
> BUT, I'm not able to get it to bind *one* service to *two* interfaces (out
> of three). How do I do that?
>
> I can't specify the service twice
Robert,
> Well, I don't have a solution to offer, unfortunatly, though xinetd currently
> is my concern, too. I have looked at the FAQ page of http://synack.net/ (the
> maintainers of xinetd), and according to what they wrote, your problem seems
> to be generally unsolved. Too bad that I can't off
On Sun, Jul 11, 1999 at 06:17:28PM +0200, Pere Camps wrote:
> Hi!
>
> Has anyone got working the re:? If so, would you please send me
> your /etc/xinetd.conf. I've tried almost all combinations without any
> luck. :-/
>
> TIA!
Well, I don't have a solution to offer, unfortunatly, tho
On Tue, Jun 09, 1998 at 03:55:58PM +0200, Mirek Kwasniak wrote:
> On Mon, Jun 08, 1998 at 02:56:44PM -0400, Norbert Veber wrote:
> > The bug report pretty much says:
> > xinetd: samba 1.9.18p3-1 don't work from xinetd (from inetd is ok)
> >
> > What I need is to know if this is a real bug or just
On Mon, Jun 08, 1998 at 02:56:44PM -0400, Norbert Veber wrote:
> The bug report pretty much says:
> xinetd: samba 1.9.18p3-1 don't work from xinetd (from inetd is ok)
>
> What I need is to know if this is a real bug or just a user configuration
> problem. I personally do not have/use samba, but I
William R. Ward wrote:
>
> I just figured out and fixed this on my system last night. I run a
> fairly bleeding edge hamm - I have my own mirror and I upgrade about
> once a week. The new version of netbase renames rpc.portmap to
> portmap, but xinetd has not been made aware of this yet. The fi
I just figured out and fixed this on my system last night. I run a
fairly bleeding edge hamm - I have my own mirror and I upgrade about
once a week. The new version of netbase renames rpc.portmap to
portmap, but xinetd has not been made aware of this yet. The fix is
to edit the file /etc/init.d/
On Tue, Jan 13, 1998 at 01:17:27PM -0500, debian mail recipient wrote:
>
> I've had a problem telnet-ing to my machine recently, and the reason is
> because xinetd is not starting. This is because the startup script
> (S20xinetd)
> checks for a file called "/usr/sbin/rpc.portmap" and, as it is n
Guido Bozzetto wrote:
> I've installed the xinetd package but at the boot time don't start.
...skip...
> with the same problem, xinetd starts if run then manualy from the
> prompt but don't start automaticaly at boot. The problem is on the
> startup script /etc/init.d/xinetd :
>
> #!/bin/sh
> #
Nick Gilliam <[EMAIL PROTECTED]> wrote:
>I know this is probably something really simple but after
>installing xinetd in place of inetd, the super server (xinetd)
>no longer loads at boot.
[...]
I ran into this bug too. It's a known problem. See
http://www.debian.org/Bugs/db/12/12021.html
f
> I found that both xinetd and inetd are running in my system. Does
> xinetd conflicts inetd? Do I have to uninstall inetd?
>
> Lawrence
>
xinetd is replacement for inetd. Both have different conf files.
Teoretically you can run both for different services :)
When both have common services you
[EMAIL PROTECTED] writes:
> 2. using log_type = FILE doesn't work if filename doesn't exist.
> Man
>page says it should create it, but it doesn't.
> Am I overlooking something? Can anyone confirm these problems?
I can confirm this second one, yes.
--
Michael D. Harnois, Redeemer Lutheran
On 7 Aug, [EMAIL PROTECTED] wrote:
>
> Do I have to upgrade man page index somehow?
> Lesson learned: Debian is always right. Read man page carefully :)
>
You could try mandb, although I never called it mayself and never had
problems when I installed manpages to /usr/local.
Ciao,
Martin
Hi,
and many thanks to all the kind people who answered my question(*). I found
xinetd.conf man page, so I checked out xinetd man page to see if a bug was
lying there (referring to xinetd (5) instead of xinetd.conf (5)), but it was
all ok. So I was wrong. But I remember not seeing a pointer to xine
On 6 Aug, [EMAIL PROTECTED] wrote:
> Hi debian fellows,
> I installed today 1.2.17 from a Flexible Software CD (thanks Dale). I wanted
> to
> try xinetd and found substituting it to inetd painless. When I wanted to look
> at the configuration issue, I found that xinetd (5) is missing.
> Is this a
On Sat, 24 May 1997 [EMAIL PROTECTED] wrote:
> On startup I got a syslogmessage:
>
> May 23 20:31:06 haitech xinetd[246]: open of /dev/tty failed: No such device
> or
> address
> May 23 20:31:06 haitech xinetd[246]: Started working: 18 available services
The failure of opening /dev/tty is a no
I suspect that xinetd isn't attached to any terminal, and thus an open
of /dev/tty would fail. Without investigating the problem further,
I suggest it should probably be using /dev/console or a log file.
Thanks
Bruce
--
Bruce Perens K6BP [EMAIL PROTECTED] 510-215-3502
Finger
Happened to me on another system I had setup.
Didn't really spend much time on the problem, but I would be very courious
as to what is causeing the message.
btw: I also added default setting for all services. The install did not do
this, it just converted all of inetd services over. Also remember
On Sun, 13 Oct 1996, Boris D. Beletsky wrote:
borik >Since i've noticed that there is no xinetd pkg for debian, i thought
borik >that i can maintain it.
I really like to have it. But I wonder how the debian scripts for the
maintenance ("update-inetd") of inetd.conf will fare with the diff
60 matches
Mail list logo
