tcpd works as a wrapper around programs that are spawned by inetd. Typically, tcpd is invoked from /etc/inetd.conf by a line such as
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

Here, instead of the telnet daemon in.telnetd being spawned directly, tcpd is spawned with in.telnetd as an argument.

Mar 10 09:49:29 andrew ftpd[4867]: ANONYMOUS FTP LOGIN FROM na1p34.ark.com [207.107.182.97], guest

Note that services may be completely disabled in inetd.conf by commenting their entries out, then restarting inetd (typically killall -HUP inetd).
tcpd allows restriction by host or domain, and trapping, using the files /etc/hosts.allow and /etc/hosts.deny. This is documented in the hosts_access(5) manpage. A hosts.allow file may contain e.g.

in.telnetd : .triumf.ca, LOCAL
portmap: 142.90.0.0/255.255.0.0

which allows telnet access from TRIUMF, and port mapper (including NFS) from the TRIUMF subnet. A hosts.deny file may contain e.g.

in.telnetd : ALL: spawn ( /usr/sbin/rfinger %a %h %d %u ) &

which denies telnet access to all hosts not listed in hosts.allow, and attempts to finger the remote host to discover more information. (rfinger is not a standard Unix command - it's a script which executes safe_finger and traceroute.)
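To see what the two files above actually decide for a given connection, here is a small model of the hosts_access(5) matching rules. This is an added example, not code from the original page or from the tcp_wrappers package: it handles the pattern forms used above (ALL, LOCAL, a .domain suffix, net/mask) plus exact host or address matches, applies the real evaluation order (first match in hosts.allow grants, otherwise first match in hosts.deny denies, otherwise access is granted), and expands the %a %h %d %u fields of a spawn option without running it. The rule text is the page's own; the client hosts are constructed, except na1p34.ark.com, which is taken from the page's log line.

```python
"""Evaluate tcpd hosts.allow / hosts.deny rules for a client connection.

Added example, not part of the original page: a small model of the
hosts_access(5) matching described above, for checking what a proposed
allow/deny configuration will do before it is installed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# hosts.allow and hosts.deny contents exactly as given on the page
HOSTS_ALLOW = """\
in.telnetd : .triumf.ca, LOCAL
portmap: 142.90.0.0/255.255.0.0
"""
HOSTS_DENY = """\
in.telnetd : ALL: spawn ( /usr/sbin/rfinger %a %h %d %u ) &
"""


@dataclass
class Rule:
    daemons: List[str]
    clients: List[str]
    option: Optional[str]   # text after the second colon, e.g. a spawn command


def _split_list(s: str) -> List[str]:
    """Split a comma- or blank-separated daemon or client list."""
    return [x for x in re.split(r"[,\s]+", s) if x]


def parse_rules(text: str) -> List[Rule]:
    """Parse 'daemon_list : client_list [: option]' lines; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":", 2)]   # option may itself contain ':'
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {line!r}")
        option = fields[2] if len(fields) == 3 else None
        rules.append(Rule(_split_list(fields[0]), _split_list(fields[1]), option))
    return rules


def match_daemon(pattern: str, daemon: str) -> bool:
    return pattern == "ALL" or pattern == daemon


def match_client(pattern: str, addr: str, host: str) -> bool:
    """Client patterns from hosts_access(5): ALL, LOCAL (hostname without a
    dot), '.domain' suffix, 'net/mask', and exact host or address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in host
    if pattern.startswith("."):
        return host.endswith(pattern)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        network = ipaddress.IPv4Network((net, mask), strict=False)
        return ipaddress.IPv4Address(addr) in network
    return pattern in (host, addr)


def expand(option: str, addr: str, host: str, daemon: str, user: str) -> str:
    """Substitute the %a/%h/%d/%u fields tcpd supports in options."""
    return (option.replace("%a", addr).replace("%h", host)
                  .replace("%d", daemon).replace("%u", user))


def check_access(allow_text, deny_text, daemon, addr, host, user="unknown"):
    """Return (granted, matched_file, expanded_option).

    Evaluation order is that of hosts_access(5): the first matching
    hosts.allow rule grants access; otherwise the first matching
    hosts.deny rule denies it; otherwise access is granted."""
    for name, text, verdict in (("hosts.allow", allow_text, True),
                                ("hosts.deny", deny_text, False)):
        for rule in parse_rules(text):
            if (any(match_daemon(p, daemon) for p in rule.daemons)
                    and any(match_client(p, addr, host) for p in rule.clients)):
                opt = expand(rule.option, addr, host, daemon, user) if rule.option else None
                return verdict, name, opt
    return True, None, None


if __name__ == "__main__":
    # constructed client hosts, plus the one from the page's ftpd log line
    for daemon, addr, host in [
        ("in.telnetd", "142.90.1.5", "ws1.triumf.ca"),
        ("in.telnetd", "142.90.1.6", "ws2"),
        ("in.telnetd", "207.107.182.97", "na1p34.ark.com"),
        ("portmap", "142.90.12.34", "nfsclient.triumf.ca"),
        ("portmap", "207.107.182.97", "na1p34.ark.com"),
    ]:
        print(daemon, host, check_access(HOSTS_ALLOW, HOSTS_DENY, daemon, addr, host))
```

The last case is the one worth noticing: the page's hosts.deny only names in.telnetd, so a portmap request from outside 142.90.0.0/16 matches nothing in either file and falls through to the default, which is to grant access. A deny file that closes everything not explicitly allowed needs a final catch-all rule (ALL: ALL) rather than one entry per daemon.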
TCP and UDP services are given in /etc/services.

NETSTAT, SYSTAT and FINGER give out system information and lists of other machines at TRIUMF.

CHARGEN is a character generator and generates a continuous stream of data. There have been reports of people using it to set up web pages which will crash browsing machines.

RSHELL, REXEC, RLOGIN allow remote login, potentially without a password, and remote execution of programs.

RPC* services allow remote procedure calls, and are used by NFS mount and many data acquisition and controls programs. One might consider restricting these to authorized subnets.

SMTP is an Internet mail server. These have been used to relay junk mail.

POP* are mail retrieval servers for PCs.

PCNFSD is an NFS-like server for PCs.

NNTP is Usenet News.
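Since hosts.allow and hosts.deny only apply to services that inetd actually spawns through tcpd, the first thing to check is inetd.conf itself. The following is an added example, not from the original page: it parses inetd.conf entries (service, socket type, protocol, wait/nowait, user, server program, arguments), reports which enabled services are spawned via /usr/sbin/tcpd and which are not, and lists which of the services singled out above (netstat, systat, finger, chargen and the r-services, named as shell, exec and login in /etc/services) are still enabled. disable_service() comments an entry out, which is the method the page describes (followed by killall -HUP inetd). The sample inetd.conf is constructed; its telnet line is the one given on the page.

```python
"""Audit inetd.conf for enabled services and tcpd wrapping.

Added example, not part of the original page. The sample file below is
constructed; only its telnet line is taken from the page.
"""
from dataclasses import dataclass
from typing import Dict, List

TCPD = "/usr/sbin/tcpd"
SOCK_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}
# Services the page flags as information leaks, denial-of-service sources
# or password-less remote access (names as they appear in /etc/services).
RISKY = {"netstat", "systat", "finger", "chargen", "shell", "exec", "login"}

INETD_CONF = """\
# inetd.conf (constructed sample)
telnet  stream tcp nowait root   /usr/sbin/tcpd       in.telnetd
ftp     stream tcp nowait root   /usr/sbin/tcpd       in.ftpd -l -a
finger  stream tcp nowait nobody /usr/sbin/tcpd       in.fingerd
shell   stream tcp nowait root   /usr/sbin/in.rshd    in.rshd
login   stream tcp nowait root   /usr/sbin/in.rlogind in.rlogind
chargen stream tcp nowait root   internal
chargen dgram  udp wait   root   internal
#systat stream tcp nowait nobody /usr/sbin/tcpd       /bin/ps -auwwx
"""


@dataclass
class Entry:
    service: str
    proto: str
    server: str        # server program path, or 'internal'
    args: List[str]
    enabled: bool      # False if the line is commented out


def _is_entry(fields: List[str]) -> bool:
    """True if the fields look like a service line rather than a comment."""
    return (len(fields) >= 6 and fields[1] in SOCK_TYPES
            and fields[3].startswith(("wait", "nowait")))


def parse_inetd_conf(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        fields = line.lstrip("#").split()    # keep commented-out entries, marked disabled
        if not _is_entry(fields):
            continue                         # blank line or ordinary comment
        service, _socktype, proto, _wait, _user, server = fields[:6]
        entries.append(Entry(service, proto, server, fields[6:], enabled))
    return entries


def audit(text: str) -> Dict[str, str]:
    """Map 'service/proto' -> 'wrapped' | 'unwrapped' | 'internal' for enabled
    entries. Only 'wrapped' entries are subject to hosts.allow / hosts.deny."""
    report = {}
    for e in parse_inetd_conf(text):
        if not e.enabled:
            continue
        if e.server == "internal":
            status = "internal"
        elif e.server == TCPD:
            status = "wrapped"
        else:
            status = "unwrapped"
        report[f"{e.service}/{e.proto}"] = status
    return report


def risky_enabled(text: str) -> List[str]:
    """Sorted names of enabled services from the page's risk list."""
    return sorted({e.service for e in parse_inetd_conf(text)
                   if e.enabled and e.service in RISKY})


def disable_service(text: str, service: str) -> str:
    """Return the file with every enabled entry for `service` commented out
    (restart inetd afterwards, e.g. killall -HUP inetd)."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        if _is_entry(fields) and not raw.lstrip().startswith("#") and fields[0] == service:
            out.append("#" + raw)
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for svc, status in audit(INETD_CONF).items():
        print(f"{svc:14} {status}")
    print("risky services enabled:", risky_enabled(INETD_CONF))
    print("after disabling chargen:", risky_enabled(disable_service(INETD_CONF, "chargen")))
```

In the constructed sample the r-services shell and login are spawned directly, so a hosts.deny entry for them would have no effect unless the daemons are themselves linked against the wrapper library; chargen is handled inside inetd ("internal") and can only be turned off by commenting it out.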
See also
A.Daviel