Network monitoring, access control & booby traps using TCP Wrappers: Part 1
Are any of you Linuxers familiar with Eindhoven University of Technology, Netherlands? If you are, you will be fairly familiar with the product that originated from the labs of the "Mathematics and Computing Science Department, Eindhoven University of Technology". By now, you should have figured out our object of concern. TCP Wrappers was born under an interesting set of circumstances. We won't bore you with those circumstances here, but the story sure warrants reading. It's a typical administrator's saga of trying to track down a hardened cracker whose ultimate goal was to obtain a remote shell to run "rm -rf /". Though the cracker was never brought to justice, the occurrence of such episodes throws light on the serious vulnerabilities in Unix architectures.
Before getting to know why we really need an application called TCP Wrappers, let's look at the protocols that our Internet/Intranet is based upon. Most of the Intranets we come across, and probably yours too, are based upon the Ethernet standard, offering 10/100 MBps data transfer in duplex/half duplex on our Local Area Networks (LANs). More recently, we have seen the emergence of Gigabit Ethernet in use for our corporate backbones. Ethernet, as we know it, is situated at the lower level of the OSI model.
Ethernet is structured in such a way that it functions at the bottom of the OSI model. The Internet as we commonly know it is structured on TCP, the Transmission Control Protocol. TCP/UDP works at the upper layers of the OSI model. We won't get into too much of the nitty-gritty here, but to be specific, TCP/UDP works at the transport layer of the OSI model.