86N/A@(#) BLURB 1.28 97/03/21 19:27:18
86N/AWith this package you can monitor and filter incoming requests for the
86N/ASYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
86N/AThe package provides tiny daemon wrapper programs that can be installed
86N/Awithout any changes to existing software or to existing configuration
86N/Afiles. The wrappers report the name of the client host and of the
86N/Arequested service; the wrappers do not exchange information with the
86N/Aclient or server applications, and impose no overhead on the actual
86N/Aconversation between the client and server applications.
86N/AThis patch upgrades the tcp wrappers version 7.5 source code to
86N/Aversion 7.6. The source-routing protection in version 7.5 was not
86N/Aas strong as it could be. And all this effort was not needed with
86N/Amodern UNIX systems that can already stop source-routed traffic in
86N/Athe kernel. Examples are 4.4BSD derivatives, Solaris
2.x, and Linux.
86N/AThis release does not introduce new features. Do not bother applying
86N/Athis patch when you built your version
7.x tcp wrapper without
1938N/Aenabling the KILL_IP_OPTIONS compiler switch; when you can disable
86N/AIP source routing options in the kernel; when you run a UNIX version
86N/Athat pre-dates 4.4BSD, such as SunOS 4. Such systems are unable to
86N/Areceive source-routed connections and are therefore not vulnerable
86N/Ato IP spoofing attacks with source-routed TCP connections.
618N/AA complete change log is given in the CHANGES document. As always,
86N/Aproblem reports and suggestions for improvement are welcome.
844N/A Wietse Venema (wietse@wzv.win.tue.nl),
844N/A Department of Mathematics and Computing Science,
86N/A Eindhoven University of Technology,
86N/A Currently visiting IBM
T.J. Watson Research, Hawthorne NY, USA.