Re: Telnet to open ports


Subject: Re: Telnet to open ports
From: Iain Stevenson (iain@IainStevenson.com)
Date: Sat Sep 29 2001 - 02:22:51 MDT


on 29/9/01 7:33 am, Brian Watson at bcwatso1@uiuc.edu wrote:

> It is possible to telnet into different ports that contain open
> services, like ftp, smtp, pop3, etc.

... quite often, yes. It can be handy for testing.

> Is there any way to turn this
> off?

tcpwrappers (the thing that is controlled by /etc/hosts.allow and
/etc/hosts.deny) is the first line of defence. Many programs are built to
check with tcpwrappers before allowing a connection. So you should make
sure it is set up appropriately for your system. A search will turn up some
documentation on how to configure tcpwrappers (e.g.
http://www.linuxdoc.org/LDP/LG/issue46/pollman/tcpwrappers.html).

xinetd is typically used to start pop3, imap and telnet. You should look
through /etc/xinetd.conf and comment out any config lines for services that
you do not use.

However, programs that run as daemons (ftp, smtp etc) can run independently
of xinetd and may not use tcpwrappers. For those that you don't need, the
best option is to stop them from being started at all. For the rest, you
should read how to use their in-built security features and configure access
control as appropriate.

> Should I be worried about this?

Definitely - unless you're already behind a firewall that blocks incoming
access.

  Iain
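
Added example, not part of the original message: a simplified Python model of the lookup order tcpwrappers applies to /etc/hosts.allow and /etc/hosts.deny, showing why an empty hosts.deny leaves wrapped services open. It covers only a subset of hosts_access(5) (ALL, exact matches, ".domain" suffixes, "a.b.c." prefixes); the rule files, daemon names and addresses are constructed samples.

```python
# Added example: simplified model of tcpwrappers' hosts.allow / hosts.deny lookup.
# Subset of hosts_access(5): ALL, exact names/addresses, ".domain" and "a.b.c." forms.
# Both rule files below are constructed samples, not taken from the original post.
HOSTS_ALLOW = """\
# constructed sample
in.telnetd: 192.168.1.
ipop3d, imapd: .example.com
"""
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemon_patterns, client_patterns)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # drop optional command field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr, hostname):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # hostname suffix, e.g. .example.com
        return bool(hostname) and hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern == addr or (bool(hostname) and pattern.lower() == hostname.lower())


def hit(rules, daemon, addr, hostname):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr, hostname) for c in clients)
        for daemons, clients in rules)


def access(daemon, addr, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means granted."""
    if hit(parse_rules(allow), daemon, addr, hostname):
        return "granted"
    if hit(parse_rules(deny), daemon, addr, hostname):
        return "denied"
    return "granted"
```

Calling `access("in.telnetd", "203.0.113.9", deny="")` returns "granted": with no deny rule the default is to allow. Daemons that never consult tcpwrappers are unaffected by either file.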


