[syslog-ng] Syslog-ng and tcpd
Matt Cuttler
mcuttler at bnl.gov
Tue Mar 24 22:19:12 CET 2009
Quoting Liam Kirsher from 3/24/09 3:35 PM
> Apparently, access is being denied, as it should be. It's just a little
> disconcerting to see the "connection accepted" message after it has been
> rejected.
>> telnet this.domain.com 5000
>> Trying 171.122.232.186...
>> Connected to this.domain.com.
>> Escape character is '^]'.
>> Connection closed by foreign host.
This would be the same behavior, as say a machine running sshd with
tcp_wrappers. If it really bothers you, perhaps check out the twist option
in hosts_access(5). At least with this, the "badguy" doesn't get any access
to your program, they get whatever shell command you chose (i.e. /bin/echo
"Bugger Off"), then disconnected.
OTOH, twist improperly implemented might get you in to more trouble :-)
-Matt Cuttler
More information about the syslog-ng
mailing list