Pick a Free OS

Network monitoring, access control & booby traps using TCP Wrappers: Part 1

We are on a client Linux box called foo1.bar and want to connect to a remote Linux box called foo2.bar, which resides on a remote network. We use the telnet client application on our box, foo1.bar, to connect to the telnet server on foo2.bar. The illustrations below show what happens.


           ------------------------         ----------------        ---------
foo1.bar---| client(ftp,telnet..) |---------| INETD server |--------| login |
           ------------------------         ----------------        ---------

Figure 1. The inetd daemon process listens on the ftp, telnet etc. network ports and waits for incoming connections. The figure shows that a user has connected to the ftp/telnet port.


            -----------------        -----------------        ---------
     user---| telnet client |--------| telnet server |--------| login |
            -----------------        -----------------        ---------
               (foo1.bar)                         (foo2.bar)

Figure 2. The inetd process has started a telnet server process that connects the user to a login process. Meanwhile, inetd waits for other incoming connections. This illustrates an unprotected machine.

Fortunately, the author of TCP Wrapper came up with a simple solution that did not require any change to existing software, and that turned out to work on all UNIX systems it was ever tried on. The trick was to make a swap: move the vendor-provided network server programs to another place, and install a trivial program in their original place. Whenever a connection was made, the trivial program would just record the name of the remote host, and then run the original network server program.


            -----------------         -----------------
     user---| telnet client |---------|  tcp wrapper  |----> logfile
            -----------------         -----------------
               (foo1.bar)                 (foo2.bar)

Figure 3. The original telnet server program has been moved to some other place, and the tcp wrapper has taken its place. The wrapper logs the name of the remote host to a file. This illustrates a protected machine.
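The swap described above, sketched in C as an added example (this is not the TCP Wrapper source and not code from this article): inetd starts the program under the original server's name, it logs the peer through syslog, then executes the moved server. `REAL_DAEMON_DIR` and the function names are assumptions, and the sketch records the numeric address instead of resolving the remote host name.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>
#define REAL_DAEMON_DIR "/usr/libexec/real"   /* assumed home of the moved servers */

/* Map the name we were invoked as to the moved server of the same name. */
int real_daemon_path(const char *argv0, char *out, size_t len)
{
    const char *slash = strrchr(argv0, '/'), *base = slash ? slash + 1 : argv0;
    if (base[0] == '\0' || base[0] == '.')
        return -1;                            /* refuse "", "." and ".." */
    int n = snprintf(out, len, "%s/%s", REAL_DAEMON_DIR, base);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* inetd passes the connection as fd 0; ask the kernel for the remote address. */
int peer_name(int fd, char *out, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sl = sizeof ss;
    const void *addr;
    snprintf(out, len, "unknown");
    if (getpeername(fd, (struct sockaddr *)&ss, &sl) != 0)
        return -1;                            /* not a socket, or not connected */
    if (ss.ss_family == AF_INET)
        addr = &((struct sockaddr_in *)&ss)->sin_addr;
    else if (ss.ss_family == AF_INET6)
        addr = &((struct sockaddr_in6 *)&ss)->sin6_addr;
    else
        return -1;
    return inet_ntop(ss.ss_family, addr, out, len) ? 0 : -1;
}

int main(int argc, char **argv)
{
    char peer[INET6_ADDRSTRLEN], path[512];
    peer_name(0, peer, sizeof peer);          /* falls back to "unknown" */
    openlog("wrapper", LOG_PID, LOG_DAEMON);
    if (argc < 1 || real_daemon_path(argv[0], path, sizeof path) != 0)
        return 1;
    syslog(LOG_INFO, "connect from %s (%s)", peer, path);
    execv(path, argv);                        /* become the real server */
    syslog(LOG_ERR, "cannot run %s: %m", path);
    return 1;
}
```

Because the wrapper keeps the server's original file name, the inetd configuration does not change, which is why existing software needs no modification.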