So what happens to services whose access is not controlled by tcpwrappers. Say somehow you have mysqld runnign in the background. Anyone from the net would be able to access your system via mysql and if there was a vulnerability in it they could exploit it same would go for a service like sendmail etc. But an ipchains firewall with default to deny could be configured to only allow in those connections you need and by default block all other connections.
Actually I'd prefer to stick with this simple solution, but maybe someone has convincing arguments against this approach...
Regards, Marko
-- O _ O 0 0 ------------------m-\o/-m------------------------------------------ Dr. Marko K"aning Tel/Fax: +49-3834 554 442 / -3834 554 301 INP Greifswald email : kaening@inp-greifswald.de
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com