The original code was written by Wietse Venema at the Eindhoven University of Technology, The Netherlands, between 1990 and 1995. As of June 1, 2001 the program is released under its own BSD-style license.
The tarball includes a library named libwrap that implements the actual functionality. Initially, only services that were spawned for each connection from a super-server (such as inetd) got wrapped, utilizing the tcpd program. However most common network service daemons today can be linked against libwrap directly. This is used by daemons that operate without being spawned from a super-server, or when a single process handles multiple connections. Otherwise, only the first connection attempt would get checked against its ACLs.
When compared to host access control directives often found in daemons' configuration files, TCP Wrappers have the benefit of runtime ACL reconfiguration (i.e. services don't have to be reloaded or restarted) and a generic approach to network administration.
This makes it easy to use for anti-Worm scripts, such as BlockHosts, DenyHosts or Fail2ban, to add and expire client-blocking rules, when excessive connections and/or many failed login attempts are encountered.
While originally written to protect TCP and UDP accepting services, examples of usage to filter on certain ICMP packets (such as 'pingd' – the userspace ping request responder) exist too.
1999 Trojan
In January 1999, the distribution package at Eindhoven university (the primary distribution site) was replaced by a modified version. The replacement contained a trojaned version of the software that would allow the intruder access to any server that it was installed on. The trojaned version was spotted within hours and the original was restored. Many claim it was spotted so quickly due to its open source nature.See also
References
- Wietse Venema: TCP WRAPPER Network monitoring, access control, and booby traps. July 15 1992
- Lee Brotzman: Wrap a Security Blanket Around Your Computer Linuxjournal article 1997-08-01
External links
This article is licensed under the GNU Free Documentation License.
Last updated on Friday July 25, 2008 at 14:10:47 PDT (GMT -0700)
View this article at Wikipedia.org - Edit this article at Wikipedia.org - Donate to the Wikimedia Foundation
The original code was written by Wietse Venema at the Eindhoven University of Technology, The Netherlands, between 1990 and 1995. As of June 1, 2001 the program is released under its own BSD-style license.
The tarball includes a library named libwrap that implements the actual functionality. Initially, only services that were spawned for each connection from a super-server (such as inetd) got wrapped, utilizing the tcpd program. However most common network service daemons today can be linked against libwrap directly. This is used by daemons that operate without being spawned from a super-server, or when a single process handles multiple connections. Otherwise, only the first connection attempt would get checked against its ACLs.
When compared to host access control directives often found in daemons' configuration files, TCP Wrappers have the benefit of runtime ACL reconfiguration (i.e. services don't have to be reloaded or restarted) and a generic approach to network administration.
This makes it easy to use for anti-Worm scripts, such as BlockHosts, DenyHosts or Fail2ban, to add and expire client-blocking rules, when excessive connections and/or many failed login attempts are encountered.
While originally written to protect TCP and UDP accepting services, examples of usage to filter on certain ICMP packets (such as 'pingd' – the userspace ping request responder) exist too.
1999 Trojan
In January 1999, the distribution package at Eindhoven university (the primary distribution site) was replaced by a modified version. The replacement contained a trojaned version of the software that would allow the intruder access to any server that it was installed on. The trojaned version was spotted within hours and the original was restored. Many claim it was spotted so quickly due to its open source nature.See also
References
- Wietse Venema: TCP WRAPPER Network monitoring, access control, and booby traps. July 15 1992
- Lee Brotzman: Wrap a Security Blanket Around Your Computer Linuxjournal article 1997-08-01
External links
Copyright © 2008, Dictionary.com, LLC. All rights reserved.