Wrappers - Don't give them the chance

What are wrappers?

TCP Wrappers is a package developed by Wietse Venema at the Eindhoven University of Technology as a countermeasure against attacks on their university systems.

TCP wrappers can monitor and filter incoming requests for telnet, ftp, rlogin, rsh, finger, talk, and just about anything else that run out of inetd.conf.

TCP wrappers are very simple. The wrapper daemon gets run instead of the original daemon in the inetd.conf file, does a check to see if the host is allowed to connect and then runs the original daemon if it passes the check.

How it works: Original telnetd line in inetd.conf.

telnet  stream  tcp     nowait  root    in.telnetd      in.telnetd

With TCP wrappers installed:

telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd

Most linux machines come with TCP wrappers installed but they compile it with the default options so the first thing you'll need to do is get the source and recompile. When you recompile you will want to change a few things in the Makefile.

Configuration

Here are some configuration examples

As with any tool tha affects your system security you should read the instructions and understand what you're doing before installing it.

Availability

You can get the TCP Wrappers package from UIArchive.