[NCLUG] Close Your Telnet Port
John L. Bass
jbass at dmsd.com
Wed Jul 25 11:16:46 MDT 2001
If you haven't already, shut down your telnet daemon.
The telnetd in the linux netkit is believed to be
vulnerable. For what it is worth, my network was
scanned for this vulnerability by a host in Uruguay
two days ago.

Or restrict access to trusted hosts/networks with xinetd or tcpwrappers.
This will allow you to use telnet from clients that don't support some other
access like ssh.
If you are running xinetd (standard on later RH and derivatives like
KRUD distributions) you can edit /etc/xinetd.d/telnet to restrict access
using the "only_from" option:

# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        only_from       = 192.168.1.0
}

If you are running tcpwrappers (standard on later RH and derivatives like
KRUD distributions) make sure default access is restricted in /etc/hosts.deny,
and that in /etc/hosts.allow trusted hosts/networks are enabled.

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL: ALL

If you are using your linux box as a router/firewall/NAT device, you
can continue to allow telnet from trusted inside networks, and external
trusted sites.

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: LOCAL, 192.168.1.
in.telnetd: 192.168.2.254
in.ftpd: ALL

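To see what these two files actually decide for a given connection, here is an added Python example (not part of John's mail, and not tcpd's own code): it re-implements the hosts_access(5) lookup order (a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise the connection is permitted) and the client patterns used above (ALL, LOCAL, a trailing-dot numeric prefix such as 192.168.1., plus net/mask and exact matches), then runs the sample hosts.allow and hosts.deny from this post, embedded as constructed strings, against a few constructed client addresses. EXCEPT lists and the KNOWN/UNKNOWN/PARANOID keywords are left out.

```python
"""Added example: evaluate tcp_wrappers hosts.allow / hosts.deny decisions.

Re-implements the hosts_access(5) lookup order and the client patterns used
in the post. Constructed for illustration; not tcpd's own code.
"""
import ipaddress

# Constructed copies of the two files shown in the post (comments omitted).
HOSTS_ALLOW = """\
ALL: LOCAL, 192.168.1.
in.telnetd: 192.168.2.254
in.ftpd: ALL
"""
HOSTS_DENY = """\
ALL: ALL
"""


def logical_lines(text):
    """Yield rule lines with comments stripped and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line = (pending + line).strip()
        pending = ""
        if line:
            yield line


def parse_rules(text):
    """Return [(daemon_patterns, client_patterns), ...] for one access file."""
    rules = []
    for line in logical_lines(text):
        fields = line.split(":")
        if len(fields) < 2:        # malformed line: tcpd would log and skip it
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, ip, hostname):
    """Match one client pattern against the peer's IP and (optional) reverse name."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        # Any reverse-resolved name without a dot counts as local.
        return hostname is not None and "." not in hostname
    if pattern.startswith("."):        # domain suffix, e.g. .example.com
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):          # numeric prefix, e.g. 192.168.1.
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask, e.g. 10.1.0.0/255.255.0.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == ip or (hostname is not None and pattern.lower() == hostname.lower())


def file_matches(rules, daemon, ip, hostname):
    """True if any (daemon, client) pair in the file matches this connection."""
    for daemons, clients in rules:
        if any(d == "ALL" or d == daemon for d in daemons) and \
                any(client_matches(c, ip, hostname) for c in clients):
            return True
    return False


def access_allowed(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: hosts.allow grants, else hosts.deny refuses, else permit."""
    if file_matches(parse_rules(allow), daemon, ip, hostname):
        return True
    if file_matches(parse_rules(deny), daemon, ip, hostname):
        return False
    return True   # a connection listed in neither file is permitted


if __name__ == "__main__":
    # Constructed client addresses; RFC 5737 documentation space stands in for "outside".
    for daemon, ip, host in [
        ("in.telnetd", "192.168.1.20", None),
        ("in.telnetd", "192.168.2.254", None),
        ("in.telnetd", "192.168.2.10", None),
        ("in.telnetd", "203.0.113.9", None),
        ("in.ftpd", "203.0.113.9", None),
    ]:
        verdict = "allow" if access_allowed(daemon, ip, host) else "deny"
        print(f"{daemon:11} {ip:15} -> {verdict}")
```

Two things worth checking with it: the "ALL: ALL" line in hosts.deny is what makes the setup default-deny, since a daemon/client pair listed in neither file is permitted (pass deny="" to see in.telnetd from an outside address become allowed); and LOCAL matches any client whose reverse-resolved name has no dot, which depends on DNS the server does not control, so numeric prefixes like 192.168.1. are the safer pattern when in doubt.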
Have Fun!
John Bass