Date: Tue, 30 Dec 2008 19:47:31 -1000 (HST)
From: Antonio Querubin
To: Charles Wilson
cc: Cygwin Mailing List
Subject: Re: cygwin-1.7, sshd, tcpd, and IPv6/Vista

On Tue, 30 Dec 2008, Charles Wilson wrote:

> So, the "allow" entries in hosts.allow are really only enabling access
> from the actual "127.0.0.1" aka "::1" machine -- that is, the actual
> local host. They do not REALLY enable access from those bad guys that
> spybot maps to localhost.
>
> Can anybody think of an alternate explanation (perhaps this is a bug in
> cygwin-1.7's resolver code, or a bug I haven't spotted in tcpd?) Am I
> being too blase' about modifying hosts.allow as
>
> ALL : 127.0.0.1/32 : allow
> ALL : [::1]/128 : allow
> ALL : PARANOID : deny
> sshd: all
>
> or, am I right that doing so is perfectly safe even with a munged up
> hosts file -- and if so, should I modify the default hosts.allow shipped
> with tcp_wrappers?

It's perfectly valid. FreeBSD's default /etc/hosts.allow is set up that way
so you're in good company.

Antonio Querubin
whois: AQ7-ARIN
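
The first-match reasoning in the quoted question, modelled as an added example (not part of the original thread and not tcp_wrappers code). The resolver tables, host names and addresses are constructed, and the PARANOID test is simplified to "the name found for the peer address does not map back to that address".

```python
import ipaddress

# The hosts.allow rules from the message: (daemon list, client pattern, action).
# "sshd: all" has no option; in hosts.allow a matching rule grants access.
RULES = [
    ("ALL", "127.0.0.1/32", "allow"),
    ("ALL", "[::1]/128", "allow"),
    ("ALL", "PARANOID", "deny"),
    ("sshd", "all", "allow"),
]

# Constructed resolver data (hypothetical names, documentation addresses).
# FORWARD models a munged hosts file that maps a blocked name to localhost.
REVERSE = {"203.0.113.7": "ads.badsite.example", "198.51.100.9": "good.example"}
FORWARD = {"ads.badsite.example": {"127.0.0.1"}, "good.example": {"198.51.100.9"}}

def is_paranoid(addr):
    """Name resolved from the address, but the name does not map back to it."""
    name = REVERSE.get(addr)
    return name is not None and addr not in FORWARD.get(name, set())

def client_matches(pattern, addr):
    if pattern.upper() == "ALL":
        return True
    if pattern.upper() == "PARANOID":
        return is_paranoid(addr)
    # Address pattern: compared with the peer address of the connection only,
    # never with whatever a host name happens to resolve to.
    net = ipaddress.ip_network(pattern.replace("[", "").replace("]", ""))
    ip = ipaddress.ip_address(addr)
    return ip.version == net.version and ip in net

def decide(daemon, addr):
    """First matching rule wins; 'nomatch' means hosts.deny is consulted next."""
    for daemons, pattern, action in RULES:
        if daemons.upper() in ("ALL", daemon.upper()) and client_matches(pattern, addr):
            return action
    return "nomatch"
```

A remote peer whose name the hosts file maps to 127.0.0.1 still connects from its own address, so it skips the two loopback rules and is caught by the PARANOID rule, while genuine loopback connections are accepted before the name check is ever reached.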