Re: Telnet to open ports


Subject: Re: Telnet to open ports
From: Ken Schweigert (ken@byte-productions.com)
Date: Mon Oct 01 2001 - 08:08:09 MDT


I've been reading this thread and I'm really surprised nobody has mentioned
ipchains as a way to restrict access, or if you're using a 2.4 kernel,
iptables. If you only want JimBob and SallySue to connect to your machine,
you insert three rules into your chains/tables: one to accept connections
from JimBob's IP, one for SallySue's IP, and one to deny any other connection.
I guess this could be considered "blocking access with telnet".

Brian, I think you're a little confused about telnet. telnet is the client
program used to connect to a telnet server. By uninstalling telnet, you've
only prevented yourself from connecting out. By uninstalling telnetd, you
only prevent people from connecting to your telnet server.

Fortunately, IMHO, telnet can be used to connect to ports other than 23. As
someone previously posted, you can use telnet to simulate how a web browser
would connect to a webserver. You can also use telnet to simulate an email
client checking a POP3 account or sending mail to an SMTP server. telnet is
a very useful tool.

You shouldn't be so concerned about HOW someone connects to your services,
but rather WHO is connecting to them.

-- 
-Ken Schweigert, Aspiring Network Administrator
Byte Productions, LLC
http://www.byte-productions.com

On Sun, Sep 30, 2001 at 12:28:52AM -0700, Nathan Buck wrote:
> Brian Watson wrote:
>
> > I'm still having trouble trying to restrict access. I don't have telnet
> > installed, but it is still possible for people to use telnet to access
> > my smtp, pop3, and web servers. Whenever I try to set it to go through
> > tcpwrappers, the service doesn't startup when I restart xinetd. How
> > would I go about setting this up correctly? I don't want people to get
> > in with telnet at all on any service port.
> >
> > --Brian
> >
>
> There is no way to disable an interactive connection versus a
> programmatic connection to something like smtp, pop3, or even httpd. It's
> the way the services are designed.
>
> Why exactly do you want to explicitly disallow interactive access to
> those services? Theoretically if you were determined enough, you could
> modify the source code of the services you wanted to modify to drop the
> connection if they didn't receive responses immediately, but of course
> that's not very practical.
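The three-rule allow-list Ken describes (accept JimBob, accept SallySue, deny everyone else) written out as a script. This is an added example, not code from the list post or from any of its authors: the addresses are constructed placeholders from the TEST-NET-1 range, the rules are assumed to go in the INPUT chain (iptables) or the input chain (ipchains), and the script only prints the commands unless DRY_RUN=0 is set, since applying them needs root. The point it makes explicit is that both tools are first-match, so the per-host ACCEPT rules must be appended before the catch-all deny; appending them the other way round locks everyone out, JimBob and SallySue included.

```shell
#!/bin/sh
# Added example: restrict one TCP service port to a short list of source
# hosts, the way the post describes, with ipchains (2.2) or iptables (2.4).
# Constructed placeholder addresses standing in for "JimBob" and "SallySue".
JIMBOB_IP="192.0.2.10"
SALLYSUE_IP="192.0.2.20"

# Print the iptables commands for port $1, allowing only the hosts in $2..
# The ACCEPT rules are appended (-A) first and the DROP last, because the
# chain is evaluated top to bottom and the first matching rule wins.
iptables_rules() {
    port="$1"; shift
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Same allow-list in ipchains syntax (2.2 kernels): destination port is
# given after the -d address, and the deny target is called DENY.
ipchains_rules() {
    port="$1"; shift
    for ip in "$@"; do
        echo "ipchains -A input -p tcp -s $ip -d 0.0.0.0/0 $port -j ACCEPT"
    done
    echo "ipchains -A input -p tcp -d 0.0.0.0/0 $port -j DENY"
}

# Sanity check before applying: the last rule must be the catch-all deny,
# and every rule before it must name a specific source host.
rules_are_ordered() {
    last=$(printf '%s\n' "$1" | tail -n 1)
    case "$last" in
        *" -j DROP"|*" -j DENY") ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | sed '$d' | grep -qv -- ' -s ' && return 1
    return 0
}

# Number of rules generated: one per allowed host plus the final deny.
rule_count() {
    printf '%s\n' "$1" | wc -l | tr -d ' '
}

# Print the rules (DRY_RUN=1, the default) or feed them to sh as root.
apply_rules() {
    rules=$("$@")
    rules_are_ordered "$rules" || { echo "refusing: deny rule is not last" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$rules"
    else
        printf '%s\n' "$rules" | sh
    fi
}

# Restrict SMTP (25) and POP3 (110) to the two hosts; web (80) is left open.
apply_rules iptables_rules 25 "$JIMBOB_IP" "$SALLYSUE_IP"
apply_rules iptables_rules 110 "$JIMBOB_IP" "$SALLYSUE_IP"
```

Run it once with the default DRY_RUN=1 to read the rules it would install, and only then with DRY_RUN=0 as root. The ordering check is there because `-I` (insert at top) instead of `-A` on the deny rule is the classic way to block yourself out of your own box; the script refuses to apply a rule set whose deny is not the last line.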



This archive was generated by hypermail 2a24 : Mon Oct 01 2001 - 07:18:02 MDT