From: Pavel Kankovsky (peak argo.troja.mff.cuni.cz)
Date: Fri Dec 14 2001 - 18:20:07 CST
On Mon, 10 Dec 2001, Matthew Kirkwood wrote:
> s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
>
> it seems that I get only ICMP packets (is this a Linux-only
> thing?).
I think the answer is yes and yes. Anyway, such a thing should probably
be called "icmp" rather than "raw".
> > With inetd.d.off, it would be too easy to turn the service on
> > accidentally when you upgrade a corresponding package.
>
> Not a bad solution, then. Have the real files in something
> like inetd.d.off and make symlinks for the active ones.
Now, you have /etc/init.d with a silly name (.off suffix suggests the
directory contains services that are off). :)
> Needs something clever for services which are on by default,
> though.
I dare to say *no* network services should be on by default. The amount
of boxes running an instance of every service included in the default
system installation (including those having well known vulnerabilities)
is already too high and there is no need to make it even higher in
the name of luser friendliness.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."