Xinetd is a secure, powerful and efficient replacement for the old Internet services daemons named inetd and tcp_wrappers. Xinetd can control denial-of-access attacks by providing access control mechanisms for all services based on the address of the remote client that wants to connect to the server as well as the ability to make services available based on time of access, extensive logging, and the ability to bind services to specific interfaces.. . .
Xinetd is a secure, powerful and efficient replacement for the old Internet services daemons named inetd and tcp_wrappers. Xinetd can control denial-of-access attacks by providing access control mechanisms for all services based on the address of the remote client that wants to connect to the server as well as the ability to make services available based on time of access, extensive logging, and the ability to bind services to specific interfaces.

But wait, Xinetd is NOT efficient or adequate for all services, especially for services like FTP and SSH. It is far better to run these services as standalone daemons (if possible). Loading services like FTP or SSH, as standalone daemons will eliminate load time and will even reduce swapping since non-library code will be shared. Also, most services that required the super-servers to run have now very good access control mechanisms; therefore, don't think that if you run these services through Xinetd you will necessarily gain additional security.

A few security features of Xinetd are:

  1. Provides access control mechanisms.
  2. Prevents denial of service attacks.
  3. Extensive logging abilities.
  4. Offloads services to a remote host.
  5. Make services available based on time.
  6. Limits on the number of servers that can be started.
  7. IPv6 support.

The link for this article located at Gerhard Mourani / OpenNA is no longer available.