Subject: Re: Telnet to open ports
From: Bacil D. Warren, Lead Programmer (quixotic_raindrop_sw@mac.com)
Date: Sat Sep 29 2001 - 14:15:58 MDT
on 9/29/01 1:07 PM, Brian Watson <bcwatso1@uiuc.edu> is purported to have
said:
> I'm still having trouble trying to restrict access. I don't have
> telnet installed, but it is still possible for people to use telnet
> to access my smtp, pop3, and web servers. Whenever I try to set it
> to go through tcpwrappers, the service doesn't startup when I restart
> xinetd. How would I go about setting this up correctly? I don't
> want people to get in with telnet at all on any service port.
If you open the port, there is no way to restrict access only to specified
programs on the client side. If you open port 110 for pop3 access, it is
open for access to anyone on the allow list, regardless of what software
they use to access it. If you grant my IP access to your POP3 server, and I
write a Perl script to connect to it, you can't stop it short of denying
access to my address. As long as my client is allowed to access that port on
your server, I can (in theory, at least) use any software on my computer to
connect to it, including telnet, Netscape Messenger, fetch, Interarchy, or
any home-grown app I have, _et al_.
-- Bacil D. Warren, CNA Lead Programmer, CEO Quixotic Raindrop Software quixotic_raindrop_sw@mac.com
This archive was generated by hypermail 2a24 : Sat Sep 29 2001 - 13:25:49 MDT