Re: Telnet to open ports


Subject: Re: Telnet to open ports
From: Brian Watson (bcwatso1@uiuc.edu)
Date: Sat Sep 29 2001 - 10:14:20 MDT


>on 29/9/01 7:33 am, Brian Watson at bcwatso1@uiuc.edu wrote:
>
>> It is possible to telnet into different ports that contain open
>> services, like ftp, smtp, pop3, etc.
>
>... quite often, yes. It can be handy for testing.
>
>> Is there any way to turn this
>> off?
>
>tcpwrappers (the thing that is controlled by /etc/hosts.allow and
>/etc/hosts.deny) is the first line of defence. Many programs are built to
>check with tcpwrappers before allowing a connection. So you should make
>sure it is set up appropriately for your system. A search will turn up some
>documentation on how to configure tcpwrappers (eg
>http://www.linuxdoc.org/LDP/LG/issue46/pollman/tcpwrappers.html).
>
>xinetd is typically used to start pop3, imap and telnet. You should look
>through /etc/xinetd.conf and comment out any config lines for services that
>you do not use.

I tried following the example on that site, but I just blocked out
the service completely. I have xinetd services in a separate
directory, but I have disabled all of the ones that I don't use,
including telnet. However, people can still telnet into the services
I have open, like pop3 and smtp. Here's an example of my proftpd
file in the xinetd directory:

service ftp
{
         disable = no
         socket_type = stream
         wait = no
         user = root
         server = /usr/sbin/in.proftpd
         log_on_success += DURATION USERID
         log_on_failure += USERID
         nice = 10
}

I have

in.telnetd: ALL: DENY

in my hosts.deny file. I was looking at the page on tcpwrappers, but
it didn't seem to help much in terms of getting it set up properly
with individual services.

--Brian
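
Added example, not part of the original message: a simplified Python model of how tcpwrappers evaluates hosts.allow and hosts.deny per service. Rules are keyed on the server daemon's process name, so a line for in.telnetd governs only the telnet server, while a connection made with a telnet client to another port is checked against that service's own daemon name. in.telnetd and in.proftpd come from the message; ipop3d, sendmail, the 192.168.1. network, .example.org and the sample rules are assumptions.

```python
# Simplified model of tcpwrappers (hosts_access) matching, for illustration.
# Handles only ALL, ".domain" suffixes, "prefix." address prefixes and exact
# names; EXCEPT, netmasks, LOCAL-style wildcards and options are ignored.

# Constructed sample files (not the poster's real configuration).
HOSTS_ALLOW = """
in.proftpd: 192.168.1.
ipop3d: 192.168.1. .example.org
"""
HOSTS_DENY = """
in.telnetd: ALL
in.proftpd: ALL
ipop3d: ALL
"""

def parse(text):
    """Return [(daemon_list, client_list)] from hosts.allow/deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            daemons = fields[0].replace(",", " ").split()
            clients = fields[1].replace(",", " ").split()
            rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .example.org
        return host.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern in (addr, host)

def matches(rules, daemon, addr, host):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr, host) for c in clients)
        for daemons, clients in rules
    )

def access(daemon, addr, host=""):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if matches(parse(HOSTS_ALLOW), daemon, addr, host):
        return "allow"
    if matches(parse(HOSTS_DENY), daemon, addr, host):
        return "deny"
    return "allow"
```

In this model a daemon that no rule names, such as sendmail here, stays reachable from everywhere, and the result only applies to services that actually consult tcpwrappers.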


