Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

telnet and hosts.(allow/deny)
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
iarkin
n00b
n00b


Joined: 04 Apr 2003
Posts: 18
Location: Left at Sirius, second star to the right
PostPosted: Wed Apr 09, 2003 2:24 pm    Post subject: telnet and hosts.(allow/deny) Reply with quote
Hello folks

I'm setting up a BBS that uses telnet as means for accessing it. Now we all know that telnet isn't the best alternative out there when it comes to security.
So my idea is to create a user called 'bbs-user', that has no password and that when logged in on telnets you to localhost

Code:
/etc/passwd:
bbs-user:x:1004:65533:,,,:/:/usr/bin/telnet -l bbs -E localhost


problem is, to use this i still have to run a telnetd on my machine.
The question is, how do i mod my hosts.allow and hosts.deny to only allow telnet connections from localhost? This without allowing users form telia.com and chalmers.se to telnet to my machine.

Code:
/etc/hosts.allow:
ALL: .chalmers.se
ALL: .telia.com

Code:
etc/hosts.deny:
ALL: PARANIOD


Thanks
/iarkin
Back to top
View user's profile Send private message
rtn
Guru
Guru


Joined: 15 Nov 2002
Posts: 427
PostPosted: Wed Apr 09, 2003 3:18 pm    Post subject: Reply with quote
LOCAL is a tcp wrapper alias for localhost, you can use that.

However, you have a greater problem then that - you can send a break
to a telnet session, which would allow these unauthenticated users to open
new tcp connections from your server. Not a terrific idea.

--rtn
Back to top
View user's profile Send private message
iarkin
n00b
n00b


Joined: 04 Apr 2003
Posts: 18
Location: Left at Sirius, second star to the right
PostPosted: Wed Apr 09, 2003 3:28 pm    Post subject: Reply with quote
rtn wrote:
LOCAL is a tcp wrapper alias for localhost, you can use that.


okay, how? :)

rtn wrote:

However, you have a greater problem then that - you can send a break
to a telnet session, which would allow these unauthenticated users to open
new tcp connections from your server. Not a terrific idea.


Well, that's what the '-E' flag does (i hope :D ) form man telnet
Code:
-E      Stops any character from being recognized as an escape character.


/iarkin[/quote]
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy