- Newsgroups: comp.unix.aix
- Path: sparky!uunet!uunet.ca!shark!shark.csi.on.ca!ddrg
- From: ddrg@csi.on.ca (Duncan Glendinning)
- Subject: Re: tcp/ip filtering via software - possible?
- Message-ID: <ddrg.726253502@shark.csi.on.ca>
- Keywords: tcp/ip gate choke login inetd rlogin rcp
- Sender: usenet@csi.on.ca (0000-news system owner(0000))
- Nntp-Posting-Host: shark.csi.on.ca
- Organization: Carp Systems International
- References: <3450@nlsun1.oracle.nl>
- Date: Tue, 5 Jan 1993 17:05:02 GMT
- Lines: 34
-
- rlyle@nl.oracle.com (Rob Lyle Wizard of Ozje) writes:
-
- >AIXers,
-
- >I need to have my RS6000/520h filter all tcp/ip packets (be that ftp,
- >login, telnet, whatever ...) to provide a 100% secure system inside a busy
- >network. I could always build new versions of inetd, rlogin et al. but for
- >obvious reasons (don't want to be held responsible for bug reports, software
- >maintenance et al. ;-) I'd rather do it in an official way. There are a couple of
- >host and user combinations which require access, and absolutely NO ONE else.
-
- >In HP-UX (secure tcp/ip option) you can specify specific internet addresses/
- >or subnets which may or may not make use of services via the inetd.sec file.
- >Is such an option available in AIX 3.2.0???
-
- >It'll save me a lot of heartache (not to mention money if I have to buy a router/
- >gateway just to make this machine secure).
-
- >All suggestions considered ... thanks.
-
- >--Rob.
-
- We use in.gated, which is inserted in /etc/inetd.conf, and is used to
- identify which host / networks are permitted access. It's one of two
- (tcp_wrapper) solutions which are most often used. It's widely available
- via anonymous ftp, and is simple to build and install (less than an hour's
- work).
-
- Hope this helps... duncan
- --
- Duncan Glendinning CAnet: ddrg@csi.on.ca
- Carp Systems International Voice: (613) 592-5780
- 600 Terry Fox Drive, Suite 200 Fax: (613) 592-0584
- Kanata, Ontario, Canada K2L 4B6
-
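The approach in the reply above, a checking program named in /etc/inetd.conf that admits only listed hosts and networks before the real daemon starts, shown as an added example that is not part of the original post. It is not in.gated or tcp_wrapper code and does not use their configuration formats; the allow-list, the addresses and the way the wrapper is invoked are assumptions.

```python
import ipaddress
import os
import socket
import sys

# Constructed allow-list (documentation address ranges, not from the post):
# service name -> the only hosts or subnets permitted to reach it.
ALLOW = {
    "telnet": ["192.0.2.10", "198.51.100.0/24"],
    "ftp": ["192.0.2.10"],
}

def is_permitted(service, peer_ip, rules=ALLOW):
    """Default deny: True only if peer_ip is inside an entry listed for service."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparseable peer address is refused, not guessed at
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so they are matched against the IPv4 entries.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in rules.get(service, []))

def peer_of_stdin():
    """inetd passes the accepted connection to the server program as fd 0."""
    with socket.socket(fileno=os.dup(0)) as sock:
        return sock.getpeername()[0]

def main(argv):
    if len(argv) < 3:  # no arguments: show decisions for constructed peers
        for svc, ip in [("telnet", "198.51.100.77"), ("ftp", "198.51.100.77")]:
            print(svc, ip, "permit" if is_permitted(svc, ip) else "refuse")
        return 0
    # Assumed invocation from inetd: wrapper <service> <real daemon> [args...]
    service, daemon, *args = argv[1:]
    peer = peer_of_stdin()
    if not is_permitted(service, peer):
        import syslog  # stderr is the client socket under inetd, so log here
        syslog.syslog(syslog.LOG_WARNING, f"refused {service} from {peer}")
        return 1  # exiting closes the connection without starting the daemon
    os.execv(daemon, [daemon, *args])  # replace the wrapper with the real daemon

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A service with no entry in the allow-list is refused for every peer, which matches the "these hosts and no one else" requirement in the question.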