- does Windows XP have a hosts.deny?
March 12, 2005, 10:56 am
Re: does Windows XP have a hosts.deny?
[compton ~]$ whatis hosts_access
hosts_access (3) - access control library
hosts_access (5) - format of host access control files
hosts_access [hosts] (5) - format of host access control files
You probably ought to re-read that man page, because your understanding
of /etc/hosts.allow and /etc/hosts.deny is totally wrong.
IF a service or protocol is _aware_ of tcp_wrappers or if it has been
compiled with libwrap, then the incoming connection will be tested
against conditions in /etc/hosts.allow. IF the connection is permitted
there OR if the service/protocol is not aware of tcp_wrappers or if it
was not compiled with libwrap, then the connection goes through. A NUMBER
OF SERVICES ARE NOT COMPILED WITH LIBWRAP OR ARE AWARE OF TCP_WRAPPERS.
ONLY IF a service or protocol is _aware_ of tcp_wrappers or if it has been
compiled with libwrap AND was not permitted in /etc/hosts.allow will the
rules in /etc/hosts.deny be inspected. If /etc/hosts.deny does have
the 'ALL: ALL' line (so highly recommended), only then will the connection
be dropped. Otherwise, it will be permitted.
Use the '/bin/netstat -tupan' command to see what ports you have open.
Then use a decent scanner from a different computer (testing via loopback
on the same computer is misleading) to see how open those ports are.
Finally, read the Security-Quickstart-HOWTO to learn how this stuff works.
Are you really expecting windoze to have anything related to security? Why
do you think there are all of these third party firewalls? Or do you really
think the "built-in" firewall in XP is worth more than two grains of salt?
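
The decision order described in the post above, as an added example that is not part of the original post: a simplified Python model of how a libwrap-linked service consults /etc/hosts.allow and then /etc/hosts.deny. It handles only a subset of the hosts_access(5) pattern syntax, and the rule text, addresses and the "httpd" daemon name are constructed for illustration.

```python
# Added example: simplified model of the tcp_wrappers decision order.
# Supported patterns (a subset of hosts_access(5)): ALL, exact daemon names,
# exact addresses/names, "192.168.1." address prefixes, ".example.org" suffixes.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, needs a resolved name
        return name is not None and name.endswith(pattern)
    if pattern.endswith("."):            # leading-octets address prefix
        return addr.startswith(pattern)
    return pattern in (addr, name)       # exact address or host name

def any_rule_matches(rules, daemon, addr, name):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, addr, name) for p in clients)
               for daemons, clients in rules)

def decide(daemon, addr, name, allow_text, deny_text, uses_libwrap=True):
    """Return the outcome and which step of the evaluation produced it."""
    if not uses_libwrap:                 # service never reads either file
        return "accept (not wrapped: files never consulted)"
    if any_rule_matches(parse_rules(allow_text), daemon, addr, name):
        return "accept (hosts.allow)"
    if any_rule_matches(parse_rules(deny_text), daemon, addr, name):
        return "deny (hosts.deny)"
    return "accept (no rule matched)"    # default when hosts.deny lacks ALL: ALL

# Constructed sample files.
ALLOW = "sshd: 192.168.1. .example.org\n"
DENY = "ALL: ALL\n"

if __name__ == "__main__":
    print(decide("sshd", "192.168.1.20", None, ALLOW, DENY))
    print(decide("sshd", "203.0.113.5", None, ALLOW, DENY))
    print(decide("sshd", "203.0.113.5", None, ALLOW, ""))
    print(decide("httpd", "203.0.113.5", None, ALLOW, DENY, uses_libwrap=False))
```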