Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!wuarchive!zaphod.mps.ohio-state.edu!sdd.hp.com!hplabs!hpcc05!hpsgm2!hphkae0!ron
From: ron@hphkae0.HP.COM (Ron Baillie)
Newsgroups: comp.unix.large
Subject: Re: Watch dog
Message-ID: <1880001@hphkae0.HP.COM>
Date: 24 Sep 90 20:18:38 GMT
References: <5122@hemuli.tik.vtt.fi>
Organization: Hewlett-Packard Hong Kong (AEO)
Lines: 29

> / hphkae0:comp.unix.large / keijo@vttux1.vtt.fi (keijo tuominen) / 2:38 am Sep 21, 1990 /
>
> Does anyone know if somewhere is available a program that checks
> where from telnet/ftp/smtp connections are made and checks if
> machine requesting connection is allowed to enter to that
> particular host. So if it is not allowed to do connection
> the target machine should close connection and also make a log
> for that connection attempt.
>
> Other problem:
> Is it possible that when we notice that caller is a friendly machine
> we don't ask a login/password but instead of login we send some kind of
> information like this :
>

On the first question, if your system uses /etc/inetd for networking, you
should be able to use /usr/adm/inetd.sec to decide which hosts can use which
service on your machine. Also, /etc/inetd supports logging of all connections
to various services, refused or otherwise, in /usr/adm/inetd.log.

On the second question, I don't know of any way to configure telnet/ftp or
whatever to do what you want, but you may get somewhere with /etc/hosts.equiv.
Otherwise, you'll have to write your own network service daemon to replace
telnet/ftp/rlogin etc. This is not as difficult as it might seem, as there are
many good books and manuals on socket programming. I once wrote a daemon which
was similar to 'ftpd', and it was only about 200 lines of C.

Hope this helps.

Ron.
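
The check the question asks for, in the form a custom daemon of the kind the reply suggests could carry it, as an added example that is not part of the original post: decide on the peer address that accept() fills in, deny by default, and produce a log line for every attempt. The allow list and all function names are assumptions, and the addresses are constructed documentation-range values.

```c
/* Added example (not from the post): source-address check plus log line
   for a custom daemon. Addresses are constructed RFC 5737 sample values. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct allow_rule { const char *net; int bits; };
static const struct allow_rule ALLOWED[] = {   /* hypothetical policy */
    { "192.0.2.0", 24 },                       /* one trusted subnet */
    { "198.51.100.7", 32 },                    /* one trusted host */
};

/* 1 if addr lies inside net/bits; a malformed rule never matches. */
static int in_network(struct in_addr addr, const char *net, int bits)
{
    struct in_addr base;
    uint32_t mask;
    if (bits < 0 || bits > 32 || inet_pton(AF_INET, net, &base) != 1)
        return 0;
    mask = bits ? htonl(0xFFFFFFFFu << (32 - bits)) : 0;
    return (addr.s_addr & mask) == (base.s_addr & mask);
}

/* Default deny: 1 = serve the peer, 0 = close the connection.
   logline receives the record to write in either case. */
int check_peer(const struct sockaddr_in *peer, const char *service,
               char *logline, size_t len)
{
    char ip[INET_ADDRSTRLEN] = "?";
    size_t i;
    int ok = 0;
    inet_ntop(AF_INET, &peer->sin_addr, ip, sizeof ip);
    for (i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0] && !ok; i++)
        ok = in_network(peer->sin_addr, ALLOWED[i].net, ALLOWED[i].bits);
    snprintf(logline, len, "%s: %s connection from %s port %u", service,
             ok ? "accepted" : "REFUSED", ip, (unsigned)ntohs(peer->sin_port));
    return ok;
}

/* Stand-in for the peer address accept() would fill in. */
struct sockaddr_in make_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}
```

In a daemon, check_peer() runs right after accept(); the log line goes to syslog and the socket is closed when it returns 0. Like inetd.sec and /etc/hosts.equiv, this identifies a host only by its source address, so it limits who can connect but does not authenticate the caller.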