[NCLUG] Close Your Telnet Port
Matt Pujol
mattp at lsil.com
Wed Jul 25 11:21:56 MDT 2001
rpc is another good one to shut down. I regularly get a gethostname request
that's overloaded with some executable code. I think I hacked
/etc/inetd.conf or something like that to turn it off, but I'm a marketing
guy so my memory retention is limited to what I last drank for lunch.
/***********************
Matt Pujol
Product Marketing Manager
1394 and USB CoreWare Technologies
ASIC Digital Entertainment Marketing
LSI Logic
2001 Danfield Court
Fort Collins, Co 80525
970-206-5816
matt.pujol at lsil.com
***********************/
-----Original Message-----
From: nclug-admin at nclug.org [mailto:nclug-admin at nclug.org]On Behalf Of
John L. Bass
Sent: Wednesday, July 25, 2001 11:17 AM
To: nclug at nclug.org
Subject: Re: [NCLUG] Close Your Telnet Port
If you haven't already, shut down your telnet daemon.
The telnetd in the Linux netkit is believed to be
vulnerable. For what it is worth, my network was
scanned for this vulnerability by a host in Uruguay
two days ago.
Or restrict access to trusted hosts/networks with xinetd or tcpwrappers.
This will allow you to use telnet from clients that don't support some other
access like ssh.
If you are running xinetd (standard on later RH and derivatives like
KRUD distributions) you can edit /etc/xinetd.d/telnet to restrict access
using the "only_from" option:
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        only_from       = 192.168.1.0
}
If you are running tcpwrappers (standard on later RH and derivatives like
KRUD distributions) make sure default access is restricted in
/etc/hosts.deny,
and that in /etc/hosts.allow trusted hosts/networks are enabled.
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL: ALL
If you are using your Linux box as a router/firewall/NAT device, you
can continue to allow telnet from trusted inside networks, and external
trusted sites.
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL: LOCAL, 192.168.1.
in.telnetd: 192.168.2.254
in.ftpd: ALL
Have Fun!
John Bass
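
Added example (not part of the original message, and not tcpd's own code): a simplified model of how the hosts.allow and hosts.deny rules quoted above are evaluated for a given daemon and client. The rule text is copied from the message; the function names and the client addresses are constructed for illustration, and only the ALL, LOCAL, address-prefix, domain-suffix and exact-match patterns are modelled.

```python
# Simplified model of hosts_access(5) matching; rules are those from the message.
HOSTS_ALLOW = """\
ALL: LOCAL, 192.168.1.
in.telnetd: 192.168.2.254
in.ftpd: ALL
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)], skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, hostname):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":        # host name that contains no dot
        return bool(hostname) and "." not in hostname
    if pattern.endswith("."):     # address prefix such as "192.168.1."
        return ip.startswith(pattern)
    if pattern.startswith("."):   # domain suffix such as ".example.org"
        return bool(hostname) and hostname.endswith(pattern)
    return pattern in (ip, hostname)

def first_match(rules, daemon, ip, hostname):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, ip, hostname) for p in clients)
               for daemons, clients in rules)

def allowed(daemon, ip, hostname=None):
    """hosts.allow first (match grants), then hosts.deny (match refuses), else grant."""
    if first_match(parse(HOSTS_ALLOW), daemon, ip, hostname):
        return True
    return not first_match(parse(HOSTS_DENY), daemon, ip, hostname)

if __name__ == "__main__":
    # Constructed client addresses (203.0.113.9 is a documentation address).
    for d, ip in [("in.telnetd", "192.168.1.20"), ("in.telnetd", "203.0.113.9"),
                  ("in.ftpd", "203.0.113.9")]:
        print(d, ip, "allow" if allowed(d, ip) else "deny")
```

With these rules telnet is reachable only from 192.168.1.x and 192.168.2.254, while the "in.ftpd: ALL" line in hosts.allow is matched before "ALL: ALL" in hosts.deny, so FTP stays open to every host.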