Re: Telnet to open ports


Subject: Re: Telnet to open ports
From: Robert Vogt IV (robert@arborhost.com)
Date: Sat Sep 29 2001 - 14:27:25 MDT


        Brian,

        I think there's a conceptual issue here. Telnet is pretty close
to plain text over a TCP socket. The protocols you mentioned transfer
everything in plain text. Thus, using the telnet client is equivalent to
a remote box using a 'real' client (i.e. Outlook) connecting to the
service. There is no additional insecurity here, since one could achieve
the same effect with a hacked/modified 'real' client. :) However, there's
really nothing to worry about, since the servers _DO_ check for proper
input and permissions (i.e. for relaying, etc.).

        Here's a simple test - connect to port 80 with telnet ("telnet
localhost 80") and type:
        GET / HTTP/1.0

        <2 newlines>

        You should get back your index page. Try putting random garbage
in there... you should get an invalid request error. :) The same goes for
POP and SMTP.

                        Sincerely,

                        Robert Vogt IV
                        ArborHost

> I'm still having trouble trying to restrict access. I don't have
> telnet installed, but it is still possible for people to use telnet
> to access my smtp, pop3, and web servers. Whenever I try to set it
> to go through tcpwrappers, the service doesn't startup when I restart
> xinetd. How would I go about setting this up correctly? I don't
> want people to get in with telnet at all on any service port.
>
> --Brian
>
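
The test described in the reply above, as an added example that is not part of the original message: a raw TCP socket stands in for the telnet client, and a small constructed server on localhost stands in for the web server. The handler, its request-line pattern and the function names are assumptions made for illustration; the point is that the well-formed/garbage decision is made on the server, whatever client wrote the bytes.

```python
import re
import socket
import socketserver
import threading

# Constructed request-line check: METHOD SP target SP HTTP-version.
REQUEST_LINE = re.compile(rb"^(GET|HEAD) (/\S*) HTTP/1\.[01]$")


class Handler(socketserver.StreamRequestHandler):
    """Constructed stand-in server; it validates input itself, whatever the client is."""

    def handle(self):
        line = self.rfile.readline(8192).rstrip(b"\r\n")
        while self.rfile.readline(8192).strip():  # drain headers up to the blank line
            pass
        if REQUEST_LINE.match(line):
            body = b"index page\n"
            self.wfile.write(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s"
                             % (len(body), body))
        else:
            self.wfile.write(b"HTTP/1.0 400 Bad Request\r\n\r\n")


def raw_request(port, payload):
    """Write bytes to a plain TCP socket, as a telnet client does; return the status line."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(payload)
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return data.split(b"\r\n", 1)[0].decode("latin-1")


def demo():
    """Send one well-formed request and one line of garbage to the local server."""
    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        ok = raw_request(port, b"GET / HTTP/1.0\r\n\r\n")
        bad = raw_request(port, b"random garbage\r\n\r\n")
    finally:
        server.shutdown()
        server.server_close()
    return ok, bad


if __name__ == "__main__":
    print(demo())
```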


