Re: Telnet to open ports


Subject: Re: Telnet to open ports
From: Matthew 'Fringe' Duhan (fringe@shore.net)
Date: Sat Sep 29 2001 - 10:44:25 MDT


On Sat, 29 Sep 2001, Iain Stevenson wrote:
>on 29/9/01 7:33 am, Brian Watson at bcwatso1@uiuc.edu wrote:
>
>> It is possible to telnet into different ports that contain open
>> services, like ftp, smtp, pop3, etc.
>
>... quite often, yes. It can be handy for testing.
>
>> Is there any way to turn this
>> off?
>
>tcpwrappers (the thing that is controlled by /etc/hosts.allow and
>/etc/hosts.deny) is the first line of defence. Many programs are built to
>check with tcpwrappers before allowing a connection. So you should make
>sure it is set up appropriately for your system. A search will turn up some
>documentation on how to configure tcpwrappers (e.g.
>http://www.linuxdoc.org/LDP/LG/issue46/pollman/tcpwrappers.html).
>
>xinetd is typically used to start pop3, imap and telnet. You should look
>through /etc/xinetd.conf and comment out any config lines for services that
>you do not use.
>
>However, programs that run as daemons (ftp, smtp etc) can run independently
>of xinetd and may not use tcpwrappers. For those that you don't need, the
>best option is to stop them from being started at all. For the rest, you
>should read how to use their in-built security features and configure access
>control as appropriate.
>
>> Should I be worried about this?
>
>Definitely - unless you're already behind a firewall that blocks incoming
>access.
>
> Iain

As a followup to this, is there a way to block access to specific ports
within a service via tcpwrappers? I'm planning on running a MUVE on my
machine and thus will need to allow players to be able to telnet to that
port on which the MUVE is running. However, I (obviously) don't want to open
telnet access to the lower ports to everyone. Any ideas on how I can
accomplish this? All the tcpwrappers documentation I've seen talks of
blocking from specific domains or IPs, but mentions nothing about blocking
specific ports. Am I going about this the wrong way? Please help. Thanks.

Sincerely,
Matt
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Matthew Duhan fringe@shore.net http://shell2.primushost.com/~fringe
When I want my opinions I'll ask me for them.
WWW, HTML, VR, MOO, HRSFA, TMBG, DNA--any more initials and I'll go insane
The limb is a treat, not to be shared.
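
Added example, not part of the original thread: a simplified Python model of how tcpwrappers evaluates /etc/hosts.allow and /etc/hosts.deny, showing that rules are keyed on the daemon's process name and the client host rather than on a port number. The rule contents, daemon names and addresses are constructed, and only a subset of the pattern syntax (ALL, exact names, ".domain" suffixes, "a.b.c." prefixes) is handled.

```python
# Added illustration: simplified model of tcpwrappers (hosts_access) matching.
# Constructed sample rule files (assumed contents, not from the thread).
HOSTS_ALLOW = """
# daemon_list : client_list
in.telnetd : 192.168.1. .example.org
ipop3d     : ALL
"""
HOSTS_DENY = """
ALL : ALL
"""

def parse_rules(text):
    """Return [(daemons, clients), ...] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):       # domain suffix, e.g. .example.org
        return name.endswith(pattern)
    if pattern.endswith("."):         # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern in (addr, name)    # exact address or host name

def rule_hit(rules, daemon, addr, name):
    # A rule applies when the daemon name AND the client both match.
    return any(("ALL" in d or daemon in d) and
               any(client_matches(p, addr, name) for p in c)
               for d, c in rules)

def access_granted(daemon, addr, name=""):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(parse_rules(HOSTS_ALLOW), daemon, addr, name):
        return True
    if rule_hit(parse_rules(HOSTS_DENY), daemon, addr, name):
        return False
    return True

if __name__ == "__main__":
    for d, a, n in [("in.telnetd", "192.168.1.7", ""),
                    ("in.telnetd", "203.0.113.9", "host.example.net"),
                    ("ipop3d", "203.0.113.9", "host.example.net")]:
        print(d, a, "->", "allow" if access_granted(d, a, n) else "deny")
```
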
