TCP Wrapper: Difference between revisions
Content removed | Content added
m →See also |
No edit summary |
||
第1行: | 第1行: | ||
__NOTOC__ |
__NOTOC__ |
||
{{NoteTA|G1=IT}} |
{{NoteTA|G1=IT}} |
||
{{Translating|||tpercent=0|tfrom=[[:en:TCP Wrapper]]|time=2014-09-11T09:59:12+00:00}} |
|||
{{Infobox software |
{{Infobox software |
||
|name = TCP Wrapper |
|name = TCP Wrapper |
||
第17行: | 第16行: | ||
原始代码是1990年左右由[[荷兰人]]Wietse Venema编写的,目的是监视[[埃因霍温理工大学]]数学和计算机科学系的[[Unix]][[工作站]]上的黑客行动。<ref>[ftp://ftp.porcupine.org/pub/security/tcp_wrapper.pdf ''TCP WRAPPER - Network monitoring, access control, and booby traps.'' by Wietse Venema]</ref>Wietse Venema一直维护这个程序到1995年;2001年6月1日,在其自己的[[BSD许可证|BSD风格的许可证]]下发布。 |
原始代码是1990年左右由[[荷兰人]]Wietse Venema编写的,目的是监视[[埃因霍温理工大学]]数学和计算机科学系的[[Unix]][[工作站]]上的黑客行动。<ref>[ftp://ftp.porcupine.org/pub/security/tcp_wrapper.pdf ''TCP WRAPPER - Network monitoring, access control, and booby traps.'' by Wietse Venema]</ref>Wietse Venema一直维护这个程序到1995年;2001年6月1日,在其自己的[[BSD许可证|BSD风格的许可证]]下发布。 |
||
The [[tar (file format)|tar]]ball includes a [[Library (computer science)|library]] named '''[[libwrap]]''' that implements the actual functionality. Initially, only services that were spawned for each connection from a [[super-server]] (such as [[inetd]]) got ''wrapped'', utilizing the '''tcpd''' program. However most common network service [[Daemon (computer software)|daemons]] today can be [[Linker (computing)|linked]] against libwrap directly. This is used by daemons that operate without being spawned from a super-server, or when a single process handles multiple connections. Otherwise, only the first connection attempt would get checked against its ACLs. |
|||
When compared to host access control directives often found in daemons' configuration files, TCP Wrappers have the benefit of [[Run time (program lifecycle phase)|runtime]] ACL reconfiguration (i.e., services don't have to be reloaded or restarted) and a generic approach to network administration. |
|||
This makes it easy to use for anti-[[Worm (computing)|Worm]] scripts, such as [[DenyHosts]] or [[Fail2ban]], to add and expire client-blocking rules, when excessive connections and/or many failed login attempts are encountered. |
|||
While originally written to protect [[Transmission Control Protocol|TCP]] and [[User Datagram Protocol|UDP]] accepting services, examples of usage to filter on certain [[Internet Control Message Protocol|ICMP]] packets exist too, such as 'pingd' – the [[userspace]] [[Ping (networking utility)|ping]] request responder.<ref>[http://artofhacking.com/files/phrack/phrack52/P52-07.TXT Linux Ping Daemon] by route|daemon9 - Phrack Magazine Volume 8, Issue 52 January 26, 1998, article 07{{dead link|date=January 2014}}</ref> |
|||
== 1999年木马事件 == |
== 1999年木马事件 == |
||
第45行: | 第36行: | ||
== 外部链接 == |
== 外部链接 == |
||
*[http://www.softpanorama.org/Net/Network_security/TCP_wrappers/index.shtml Softpanorama |
*[http://www.softpanorama.org/Net/Network_security/TCP_wrappers/index.shtml Softpanorama上有关TCP Wrappers的信息] |
||
⚫ | |||
*[http://www.360is.com/03-tcpwrappers.htm A laymans guide to TCP Wrappers and its history] |
|||
⚫ | |||
{{DEFAULTSORT:Tcp Wrapper}} |
{{DEFAULTSORT:Tcp Wrapper}} |
Revision as of 10:22, 1 November 2014 (Saturday)
Developer | Wietse Venema |
---|---|
Current version | 7.6 (8 April 1997) |
Operating system | Unix-like |
Type | Security |
License | BSD license |
Website | [1] |
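TCP Wrapper is a host-based network access control list (ACL) system used to filter network access to Unix-like systems such as Linux or BSD. It can use host or subnet IP addresses, names, and ident query replies as tokens on which to filter for access control.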
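The following is an added example, not part of the article and not code from the tcp_wrappers distribution. It models a simplified subset of the rule matching documented in hosts_access(5) (subnet, name-suffix and ident `user@host` patterns), including the evaluation order: allow table, then deny table, otherwise grant. The function names, rule tables and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample rules in hosts_access(5) syntax: "daemon_list : client_list".
HOSTS_ALLOW = """
sshd : 192.0.2.0/255.255.255.0
sshd : .example.org
in.ftpd : alice@.example.org
"""
HOSTS_DENY = "ALL : ALL\n"

def _client_matches(pattern, addr, name, user):
    """Match one client pattern against the peer's address, name and ident user."""
    if "@" in pattern:                      # user@host: ident reply plus host pattern
        want_user, pattern = pattern.split("@", 1)
        if want_user != "ALL" and want_user != user:
            return False
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # net/mask, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    if pattern.startswith("."):             # leading dot: host name suffix
        return name is not None and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):               # trailing dot: address prefix
        return addr.startswith(pattern)
    return pattern.lower() in (addr, (name or "").lower())

def _table_matches(table, daemon, addr, name, user):
    """True if any rule line in the table matches this (daemon, client) pair."""
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = (f.strip() for f in line.split(":")[:2])
        daemon_ok = any(d in ("ALL", daemon) for d in daemons.replace(",", " ").split())
        if daemon_ok and any(_client_matches(c, addr, name, user)
                             for c in clients.replace(",", " ").split()):
            return True
    return False

def access_granted(daemon, addr, name=None, user=None,
                   allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Allow table first, then deny table; a client matching neither is granted."""
    if _table_matches(allow, daemon, addr, name, user):
        return True
    if _table_matches(deny, daemon, addr, name, user):
        return False
    return True
```

Without the `ALL : ALL` deny rule, a client that matches nothing is granted access, and an ident reply is supplied by the remote host, so a `user@host` rule is only as trustworthy as that host.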
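The original code was written around 1990 by the Dutchman Wietse Venema to monitor hacker activity on the Unix workstations of the Department of Mathematics and Computing Science at the Eindhoven University of Technology.[1] Wietse Venema maintained the program until 1995; on 1 June 2001 it was released under its own BSD-style license.
1999 trojan incident
In January 1999, the distribution package at Eindhoven University of Technology was replaced by a modified version containing a trojaned copy of the software, which gave the intruder access to any server on which that version was installed. The author discovered the problem within hours, and afterwards moved the primary distribution site to his personal website.[2][3][4][5]
See also
References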
1. TCP WRAPPER - Network monitoring, access control, and booby traps. by Wietse Venema
2. CC/CERT Advisory CA-1999-01
3. CC/CERT Advisory CA-1999-02
4. backdoored tcp wrapper source code, by Wietse Venema, on Bugtraq, Jan 21, 1999
5. Announcement: Wietse's FTP site has moved, by Wietse Venema, on Bugtraq, Jan 21, 1999
- Lee Brotzman: Wrap a Security Blanket Around Your Computer, Linuxjournal article, 1997-08-01