[NCLUG] Close Your Telnet Port

Matt Pujol mattp at lsil.com
Wed Jul 25 11:21:56 MDT 2001


rpc is another good one to shut down.  I regularly get a gethostname request
that's overloaded with some executable code.  I think I hacked
/etc/inetd.conf or something like that to turn it off, but I'm a marketing
guy so my memory retention is limited to what I last drank for lunch.

/***********************
Matt Pujol
Product Marketing Manager
1394 and USB CoreWare Technologies
ASIC Digital Entertainment Marketing

LSI Logic
2001 Danfield Court
Fort Collins, Co 80525
970-206-5816
matt.pujol at lsil.com
***********************/


-----Original Message-----
From: nclug-admin at nclug.org [mailto:nclug-admin at nclug.org]On Behalf Of
John L. Bass
Sent: Wednesday, July 25, 2001 11:17 AM
To: nclug at nclug.org
Subject: Re: [NCLUG] Close Your Telnet Port


	If you haven't already, shut down your telnet daemon.
	The telnetd in the linux netkit is believed to be
	vulnerable.   For what it is worth, my network was
	scanned for this vulnerability by a host in Uruguay
	two days ago.

Or restrict access to trusted hosts/networks with xinetd or tcpwrappers.
This will allow you to use telnet from clients that don't support some other
access like ssh.

If you are running xinetd (standard on later RH and derivatives like
KRUD distributions) you can edit /etc/xinetd.d/telnet to restrict access
using the "only_from" option:

# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        only_from       = 192.168.1.0
}

If you are running tcpwrappers (standard on later RH and derivatives like
KRUD distributions) make sure default access is restricted in
/etc/hosts.deny, and that in /etc/hosts.allow trusted hosts/networks are
enabled.

#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
ALL:		ALL


If you are using your linux box as a router/firewall/NAT device, you
can continue to allow telnet from trusted inside networks, and external
trusted sites.

#
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
ALL:		LOCAL, 192.168.1.
in.telnetd:	192.168.2.254
in.ftpd:	ALL


Have Fun!
John Bass
_______________________________________________
NCLUG mailing list
NCLUG at nclug.org
http://www.nclug.org/mailman/listinfo/nclug
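
The lookup order that the hosts.allow and hosts.deny files above depend on, as an added example that is not part of the original e-mail: a simplified Python evaluator run over the two files as posted. The function names `parse`, `client_matches` and `decide` are hypothetical, the client addresses used to exercise it are constructed, and only the ALL, LOCAL, exact-address and trailing-dot prefix patterns are handled.

```python
# Added example: simplified tcp_wrappers access check (subset of hosts_access(5)).
# Handles ALL, LOCAL, exact addresses and "n.n.n." prefixes only; EXCEPT,
# netmasks, ".domain" patterns and option fields are not implemented.

# The two files as posted in the message above.
HOSTS_ALLOW = """\
ALL:		LOCAL, 192.168.1.
in.telnetd:	192.168.2.254
in.ftpd:	ALL
"""
HOSTS_DENY = """\
ALL:		ALL
"""


def parse(text):
    """Return a list of (daemons, client_patterns) from an access file."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr, hostname):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":          # host name that contains no dot
        return bool(hostname) and "." not in hostname
    if pattern.endswith("."):       # address prefix such as "192.168.1."
        return addr.startswith(pattern)
    return pattern in (addr, hostname)


def decide(daemon, addr, hostname="", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Search hosts.allow, then hosts.deny; a client matching neither is allowed."""
    for verdict, text in (("allow", allow), ("deny", deny)):
        for daemons, clients in parse(text):
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(p, addr, hostname) for p in clients):
                return verdict
    return "allow"
```

With the files as posted, `decide("in.ftpd", addr)` returns "allow" for any address because of the `in.ftpd: ALL` line. Passing `deny=""` shows that an unmatched client is allowed when hosts.deny is empty, which is why the `ALL: ALL` entry matters.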



