<HTML>

<HEAD>

<title>TCP Wrappers Disclosed</title>

<STYLE type=text/css>A:active {

	TEXT-DECORATION: none

}

A:hover {

	TEXT-DECORATION: underline

}

A:link {

	TEXT-DECORATION: none

}

A:visited {

	TEXT-DECORATION: none

}

</STYLE>



</HEAD>

<BODY aLink=#ccff00 bgColor=#000000 leftMargin=20 link=#99ccff text=#cccccc 

topMargin=3 vLink=#cc99ff marginwidth="0" marginheight="0">

<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">

  <tr> 

    <td width="693"> 

      <pre>

                        :::::::::   ::::::::  :::::::::  :::::::::: 

                        :+:    :+: :+:    :+: :+:    :+: :+:        

                        +:+    +:+ +:+        +:+    +:+ +:+        

                        +#++:++#+  +#++:++#++ +#++:++#:  :#::+::#   

                        +#+    +#+        +#+ +#+    +#+ +#+        

                        #+#    #+# #+#    #+# #+#    #+# #+#        

                        #########   ########  ###    ### ###  

                         

              	             <a href="http://blacksun.box.sk">http://blacksun.box.sk</a> 

                            

                           _____________________________

    ______________________I       <b>   Topic:</b>            I_____________________

   \                      I                            I                    /

    \     HTML by:        I        <b>TCP Wrappers</b>        I   Written by:     /

    >                     I         <b>Disclosed</b>          I                  < 

   /      <a href="mailto:rammal81@hotmail.com">Mikkkeee</a>        I____________________________I   <a href="mailto:rammal81@hotmail.com">Mikkkeee</a>        \

  /__________________________>                    <_________________________\</pre>

    </td>

  </tr>

</table><br>

   



<BR>



<P>1-<A HREF="#basic intro">Basic Introduction to TCP Wrappers</A>

<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT>        <A HREF="#logging">Logging</A>

<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#999999">=</FONT>        <A HREF="#links">Finding

TCP Wrappers(links)</A>



<P>2-C<A HREF="#config/setting">onfigure/setting up TCP Wrappers</A>

<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#inetd.conf">Configure

the inetd.conf file</A>

<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#hosts.allow">hosts.allow</A>

<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#hosts.deny">hosts.deny</A>

<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#variables">Optional

variables for shells commands</A>



<P>3-<A HREF="#conclusion">Conclusion</A>

<p>4-<A HREF="#shoutz">Greetz</a>



<P>Well here is another guide on a topic not covered by many tutorial writers.

This guide is somewhat intermediate so many concepts won't be discussed

cause they have been covered in other articles. You can always check

<a href="http://blacksun.box.sk">http://blacksun.box.sk</a> for the concepts not covered here.



<P>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

<BR><A NAME="basic intro"></A>1-Basic Introduction to TCP Wrappers

<BR>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



<P>Many of you guys reading this tutorial are not old enough to remember

the development of the TCP/IP protocols many years ago in the plan to help

join the variety of networks connected to the first Internet. Those first

systems to implement the TCP/IP protocols were government sites and academic

sites run by scientists, academics and government individuals. During the

early days, the need for security was nothing like the need we have today.

The User Datagram Protocol (UDP), Transmission Control Protocol (TCP) and

the Internet Protocol (IP) were all created with security as the least

important aspect in mind. The utilities that were developed later

like Telnet and FTP share the same faulty security, ie, both utilities

enforce "security" by making the user input a username and password that

is valid on the remote system. This security is faulty because both the

username/password are sent on the network as clear text and anyone with

little experience can sniff the user/pass with great ease. As advancements

in technology and TCP/IP progressed, TCP/IP became the most popular protocol

when it was implemented on Novell Netware and the UNIX operating system.

As the Internet came into our homes, the default network protocol package

has become adopted on all major computers and software vendors.

<BR>&nbsp;With this sudden surge in technology there is always the little

thing called "security" that has to be satisfied. Now there are many different

products that can be used by an admin to enhance his network security,

hence the idea of a firewall and its components, one of them is " TCP wrappers."&nbsp;

Dealing with constant hacker attacks against his University's computers,

<a href="mailto:wietse@wzv.win.tue.nl">Wietse Venema</a> from Eindhoven University of Technology was the first person

to develop TCP wrappers. So now you ask what are they? Well TCP Wrappers

restrict which networks services can be used and which hosts are going

to be allowed to use these services. TCP Wrappers can be configured to

handle many of the basic netowrk services found our on your unix box, ie,&nbsp;

Finger, FTP, Telnet, Rlogin,TFTP and the list goes on and on. Well

we have to answer what do these services share in common, well if you haven't

noticed they all share a one-to-one mapping between the service name and

the executable program that provides the service, so that sets us up on

the intro, on to how TCP wrappers work.

<p>-=-=-=-=-=

<br><A NAME="logging"></A>Logging

<br>-=-=-=-=-=<br>

<BR>On a linux box, when the inetd daemon gets a network request, it first

determines which service to startup based on the port number the service

runs from. In the file /etc/services a mapping of port numbers to

service names can be found. After inetd has processed which service to

start up, it then reads inetd.conf to know what program it should run to

answer the network request. Now for the TCP Wrappers Daemon (tcpd)

to make access/deny control decisions and to perform its duties of logging,

you must first edit the inetd.conf file to specify that the tcpd runs instead

of the executable that normally satisfies the service request. tcpd

performs its job by allowing the host that is making the request to use

the service, if allowed tcpd starts the executable for that specific service,

so in all TCP wrappers really work by putting itself between inetd and

the network service requested.

<BR>In the last paragraph i mentioned something about the logging ability

of TCP wrapper, well that will be explained here. TCP Wrappers allow you

to log who is using the service on your box so you can trace and halt any

suspicious activity waiting. Logging information is sent to the syslogd,

which also provides the core logging facility for the unix box. To tell

syslogd what to do with these log enteries, you can control what is done

by editing the /etc/syslog.conf file. Setup on default, TCP wrappers

sends its logging info to the same place as the transaction logs of the

sendmail daemon, so syslogd can log info to one or more files, either the

system or user console.

<BR>Since I am guessing your an intermediate linux user, you might have

already come across TCP wrappers before as part of your linux/unix package.

TCP Wrappers usually come in .c code so you have to compile it, you

should be familiar with compiling code on your box. TCP wrappers are very

popular among security people and paranoid hackers so first check your

linux package cause you might already have one and if you don't here are

some links.<br><p>

-=-=-=-=-=<br>

<A NAME="links"></A>Links<br>-=-=-=-=-=



<P><a href="ftp://ftp.porcupine.org/pub/security/index.html">ftp://ftp.porcupine.org/pub/security/index.html</a> * get everything at this page!

<BR>Here are some more significant links if you wish to learn more about the tcp wrapper package!<br>

<a href="ftp://cert.org:/pub/tools/tcp_wrappers/tcp_wrappers.*">ftp://cert.org:/pub/tools/tcp_wrappers/tcp_wrappers.*</a>

<br>

<a href="ftp.win.tue.nl:/pub/security/long_tcp.shar.Z">ftp.win.tue.nl:/pub/security/long_tcp.shar.Z</a>

<br>

<a href="http://packetstorm.securify.com">http://packetstorm.securify.com</a>



<BR>



<P>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

<BR>2-<A NAME="config/setting"></A>Configure/Setting up TCP Wrappers

<BR>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



<P>Now that you have found the TCP wrapper source code/compiled successfully

you will need to config/setup TCP wrappers. When you have the tcpd executable,

you now have to go to the second job, editing inetd.conf, hosts.allow,

and hosts.deny!



<P><A NAME="inetd.conf"></A>Configure the inetd.conf file

<BR>Lets configure the inetd daemon first!



<P>to edit this file at the prompt type the following

<BR>root@mike:~# pico /etc/inetd.conf

<BR>that will bring up the configuration file up in pico, here is a sample

of an entery that can be found in your inetd.conf file.

<BR>&nbsp;

<BR>&nbsp;



<PRE>

		              wait/nowait

			      if wait, inetd starts up a process for a 	

   	                      request then waits till done to start another 

			      request.  If nowait starts up a process and 

            stream	      doesn't wait till it starts another process, 

      dgram, or datagram      but simply goes and does the next.

	     \  	       \

     ftp   stream     tcp   nowait  root  /usr/sbin/wu.ftpd wu.fptd -l -i -o

       /                 \               \            \              \  

name of service         protocol        Uid either     \              \  

like telnet, finger     tcp or udp      root or another \              |

			defined in      user             \             |

			/etc/protocols           name of server        | 

			file                     program inetd         |

					         starts up             |