The default rule in this file actually sent mail to root as its default

action when denying access to a service. Unfortunately, this also makes a dandy denial-of-service attack possible. Change to just log the event and shoot a "go away" response back down the socket.
author: jkh <jkh@FreeBSD.org> 2000-02-17 04:52:23 +0000
committer: jkh <jkh@FreeBSD.org> 2000-02-17 04:52:23 +0000
commit: 9c75578bb89a718f324c5e6996468c2666476bf6 (patch)
tree: eff18141010b910ac01000de477ed2a0568dd7c9 /etc/hosts.allow
parent: bdacbefdd5fe2e9dc8fc8489a70aa05ba1491385 (diff)
download: FreeBSD-src-9c75578bb89a718f324c5e6996468c2666476bf6.zip
FreeBSD-src-9c75578bb89a718f324c5e6996468c2666476bf6.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/etc/hosts.allow b/etc/hosts.allow
index 4b96efb..2f99941 100644
--- a/etc/hosts.allow
+++ b/etc/hosts.allow
@@ -65,8 +65,7 @@ fingerd : ALL \
 	 /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
 	: deny
 
-# The rest of the daemons are protected. Backfinger and log by email.
+# The rest of the daemons are protected.
 ALL : ALL \
-	: severity auth.info : spawn (/usr/bin/finger -l @%h | \
-	 /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d  (denied)" root) & \
+	: severity auth.info \
 	: twist /bin/echo "You are not welcome to use %d from %h."
author	jkh <jkh@FreeBSD.org>	2000-02-17 04:52:23 +0000
committer	jkh <jkh@FreeBSD.org>	2000-02-17 04:52:23 +0000
commit	9c75578bb89a718f324c5e6996468c2666476bf6 (patch)
tree	eff18141010b910ac01000de477ed2a0568dd7c9 /etc/hosts.allow
parent	bdacbefdd5fe2e9dc8fc8489a70aa05ba1491385 (diff)
download	FreeBSD-src-9c75578bb89a718f324c5e6996468c2666476bf6.zip FreeBSD-src-9c75578bb89a718f324c5e6996468c2666476bf6.tar.gz