diff options
author | jkh <jkh@FreeBSD.org> | 2000-02-17 04:52:23 +0000 |
---|---|---|
committer | jkh <jkh@FreeBSD.org> | 2000-02-17 04:52:23 +0000 |
commit | 9c75578bb89a718f324c5e6996468c2666476bf6 (patch) | |
tree | eff18141010b910ac01000de477ed2a0568dd7c9 /etc/hosts.allow | |
parent | bdacbefdd5fe2e9dc8fc8489a70aa05ba1491385 (diff) | |
download | FreeBSD-src-9c75578bb89a718f324c5e6996468c2666476bf6.zip FreeBSD-src-9c75578bb89a718f324c5e6996468c2666476bf6.tar.gz |
The default rule in this file actually sent mail to root as its default
action when denying access to a service. Unfortunately, this also makes
a dandy denial-of-service attack possible. Change to just log the event
and shoot a "go away" response back down the socket.
Diffstat (limited to 'etc/hosts.allow')
-rw-r--r-- | etc/hosts.allow | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/etc/hosts.allow b/etc/hosts.allow index 4b96efb..2f99941 100644 --- a/etc/hosts.allow +++ b/etc/hosts.allow @@ -65,8 +65,7 @@ fingerd : ALL \ /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \ : deny -# The rest of the daemons are protected. Backfinger and log by email. +# The rest of the daemons are protected. ALL : ALL \ - : severity auth.info : spawn (/usr/bin/finger -l @%h | \ - /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \ + : severity auth.info \ : twist /bin/echo "You are not welcome to use %d from %h." |