[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: timer restrictions



> > > Is there any reason why you could not make a module that would trigger
> > > such a firewalling event? I can imagine it having a use for things
> > > besides POP.
> >
> > I do not know if this function would fit completely within the scope of
> > PAM.  Dynamically altering your TCP wrapper access file.  You could hack
> > the tcpd stuff so that it updated a db type file.
> 
> This was my thought also.   TCP_wrapper is pretty common, and I'm
> surprised I haven't seen this mentioned before.  Pretty good for
> managing DOS attacks, as well as the most .... clients.  And works
> for non-authenticating connections.

Perhaps we're thinking of different things? This sort of functionality
certainly has no place inside libpam. However, I can't see why you
couldn't have a PAM module that tells the appropriate local/firewall
daemon that something strange is happenning on a connection from a.b.c.d
and wouldn't it be great if it stopped for some amount of time.

Are you thinking that embedding the daemon inside a module is a bad
idea? I completely agree with that.

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []