In <[log in to unmask]> [log in to unmask] writes:

[snip]

> For our auditors I am comparing this TCP Wrappers security with what is
> available on the HP3000.  Here is what I think I know so far.  Comments,
> clarifications, corrections, etc. are welcome.
>
> telnet --
> controlled by INETDSEC.NET.SYS very similar to TCP Wrappers.
>
> ftp --
> Only control for incoming requests is user/account passwords.  Another option
> is to not run the background listener job to prevent ftp requests from all
> other systems.

True. Though <plug> Office Extend FTP can restrict connection by IP address-
though not using inetdsec- and allows you to define which logins ARE allowed,
vs. allowing any you can guess passwords for. </plug>

Neither HP's ftp (nor ours) uses the inetd security; neither app uses the
bsd socket libs (which are necessary to run under inetd); netipc apps don't
fork nicely (the socket descriptors don't make it).

> finger, talk, rlogin, and rexec -- (here my knowledge gets shaky).
> The HP3000 does not seem to handle these incoming requests. finger, talk,
> rlogin, and rexec do not seem to exist on the HP3000. rsh seems to exist, but
> only for local use.

Don't know of a public finger client (nor any hp3000 site that'd want one
that advertises MPE users); we do have a built-in finger in NetMail/3000
(which can be turned off) which only allows "finger" probes for mailboxes,
and only those that are designated as "to be advertised".

Also don't know of any talk daemon/client ported to MPE. rlogin/rexec ports
exist (see ftp.telamon.com and other software sites) though I don't recall
if they're clients or daemons (or if they're inetd'able for that matter,
though if they're actual ports they probably are). Jazz also has a few
r@ ports, though caveat emptor.

HTH,
  Chris Bartram


------------------
Quote for the day:
Glory is fleeting, but obscurity is forever.