Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.
Course Of The Month
9 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2- +5
10 Comments
This would depend on what criteria you are going to use to decide what is allowed and what isn't.
If you want to restrict which machines can telnet to your Linux box, inetd/xinetd can be configured to handle this or you could use firewall rules.
If you want to restrict which machines can telnet to your Linux box, inetd/xinetd can be configured to handle this or you could use firewall rules.
I could not find inetd, instead, I can find xinedt.d folder
which contains several files. One of which is telnet conf file. Is this the one I need to change in order to stop this service?
which contains several files. One of which is telnet conf file. Is this the one I need to change in order to stop this service?
usher, You might find this easy to do with only editing
the hosts.deny and hosts.allow files.
__________________________
Typically you should have your hosts.deny set as:
ALL: ALL
__________________________
Your hosts.allow you can add the ip of the machines that you want to allow to connect to your Linux box.
ALL: 192.168.1.24
__________________________
MindBender
the hosts.deny and hosts.allow files.
__________________________
Typically you should have your hosts.deny set as:
ALL: ALL
__________________________
Your hosts.allow you can add the ip of the machines that you want to allow to connect to your Linux box.
ALL: 192.168.1.24
__________________________
MindBender
You can restrict assessing your machine by two ways.
1. As said by MindBender. This is possible only if you are using TCP wrappers.
2. By filtering (using ipchains or iptables according to your kernel).
If the telnet conf file in ur xinetd.d contains a line like /usr/sbin/tcpd in.telnetd, then u had TCP wrappers installed and the method of MindBender is absolutely right to allocate telnet only to 192.168.1.24 machine.
If you don't had TCP wrappers, then ipchains/iptables can be used.
Suppose you want to permit only 192.168.1.24 to telnet into the server.
/sbin/ipchains -A input -s ! 192.168.1.24 --destination-port 21 -j DENY
or
/sbin/ipchains -t filter -A INPUT -s ! 192.168.1.24 -p tcp --destination-port 21 -j DENY
I think this will solve ur problem
Moorthy
1. As said by MindBender. This is possible only if you are using TCP wrappers.
2. By filtering (using ipchains or iptables according to your kernel).
If the telnet conf file in ur xinetd.d contains a line like /usr/sbin/tcpd in.telnetd, then u had TCP wrappers installed and the method of MindBender is absolutely right to allocate telnet only to 192.168.1.24 machine.
If you don't had TCP wrappers, then ipchains/iptables can be used.
Suppose you want to permit only 192.168.1.24 to telnet into the server.
/sbin/ipchains -A input -s ! 192.168.1.24 --destination-port 21 -j DENY
or
/sbin/ipchains -t filter -A INPUT -s ! 192.168.1.24 -p tcp --destination-port 21 -j DENY
I think this will solve ur problem
Moorthy
You can restrict assessing your machine by two ways.
1. As said by MindBender. This is possible only if you are using TCP wrappers.
2. By filtering (using ipchains or iptables according to your kernel).
If the telnet conf file in ur xinetd.d contains a line like /usr/sbin/tcpd in.telnetd, then u had TCP wrappers installed and the method of MindBender is absolutely right to allocate telnet only to 192.168.1.24 machine.
If you don't had TCP wrappers, then ipchains/iptables can be used.
Suppose you want to permit only 192.168.1.24 to telnet into the server.
/sbin/ipchains -A input -s ! 192.168.1.24 --destination-port 21 -j DENY
or
/sbin/ipchains -t filter -A INPUT -s ! 192.168.1.24 -p tcp --destination-port 21 -j DENY
I think this will solve ur problem
Moorthy
1. As said by MindBender. This is possible only if you are using TCP wrappers.
2. By filtering (using ipchains or iptables according to your kernel).
If the telnet conf file in ur xinetd.d contains a line like /usr/sbin/tcpd in.telnetd, then u had TCP wrappers installed and the method of MindBender is absolutely right to allocate telnet only to 192.168.1.24 machine.
If you don't had TCP wrappers, then ipchains/iptables can be used.
Suppose you want to permit only 192.168.1.24 to telnet into the server.
/sbin/ipchains -A input -s ! 192.168.1.24 --destination-port 21 -j DENY
or
/sbin/ipchains -t filter -A INPUT -s ! 192.168.1.24 -p tcp --destination-port 21 -j DENY
I think this will solve ur problem
Moorthy
This is for RedHat using xinetd.
You can use the xinetd.d/telnet file to disable ANY telnet access. This is mine, notice the "disable = yes" line. This prevents ANY incoming access on port 23 from starting telnet. This will NOT prevent you from running the telnet daemon and poosibly allowing access, this also prevents you from using telnet on your "internal" network for administration (not realy a bad thing if you use ssh instead).
Of course, if you want to use telnet internaly you need to use ipchains or iptables to restrict access to port 23 to allow only internal traffic to reach port 23.
File: telnet Col 0 303 bytes 100%
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
You can edit /etc/sysconfig/ipchains and add the following lines.
-A input -p tcp -s 192.168.10.0/24 -d 192.168.10.0/24 23:23 -y -j ACCEPT
-A input -p udp -s 192.168.10.0/24 -d 192.168.10.0/24 23:23 -j ACCEPT
These ALLOW access to port 23 ONLY when the source and destinations are inside my firewall (really the 192.168.10.x subnet). You will need to enable the xinetd.d/telnet to use telnet.
Sinc you also asked about ports in general...
The first line DENY's tcp traffic from anywhere TO anywhere. DENY means that a response is sent back to requestor (means someone now knows a machine is at your IP Address). the REJECT line stops UDP traffic on ports 0 through 1023 and does NOT send any response, this means a port scanner will not "see" your system. So for "stealth" type protection, set both to REJECT.
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j DENY
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
The ipchains man pages will give you a much better explanation of all the parameters.
FYI:
port 21 is for FTP.
I DO NOT enable Telnet and only use ssh.
Todd R.
You can use the xinetd.d/telnet file to disable ANY telnet access. This is mine, notice the "disable = yes" line. This prevents ANY incoming access on port 23 from starting telnet. This will NOT prevent you from running the telnet daemon and poosibly allowing access, this also prevents you from using telnet on your "internal" network for administration (not realy a bad thing if you use ssh instead).
Of course, if you want to use telnet internaly you need to use ipchains or iptables to restrict access to port 23 to allow only internal traffic to reach port 23.
File: telnet Col 0 303 bytes 100%
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
You can edit /etc/sysconfig/ipchains and add the following lines.
-A input -p tcp -s 192.168.10.0/24 -d 192.168.10.0/24 23:23 -y -j ACCEPT
-A input -p udp -s 192.168.10.0/24 -d 192.168.10.0/24 23:23 -j ACCEPT
These ALLOW access to port 23 ONLY when the source and destinations are inside my firewall (really the 192.168.10.x subnet). You will need to enable the xinetd.d/telnet to use telnet.
Sinc you also asked about ports in general...
The first line DENY's tcp traffic from anywhere TO anywhere. DENY means that a response is sent back to requestor (means someone now knows a machine is at your IP Address). the REJECT line stops UDP traffic on ports 0 through 1023 and does NOT send any response, this means a port scanner will not "see" your system. So for "stealth" type protection, set both to REJECT.
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j DENY
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
The ipchains man pages will give you a much better explanation of all the parameters.
FYI:
port 21 is for FTP.
I DO NOT enable Telnet and only use ssh.
Todd R.
Keep your life simple!!! TCP wrapper is xinetd in RedHat, telnet-server, wu-ftpd package is installed to work with xinetd. Follow MindBender instruction! Dont complicate a simple task by using ipchains/iptables, those are for real firewall config.
usher:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
drewber
Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
drewber
Featured Post
Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I. Introduction
There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Get a first impression of how PRTG looks and learn how it works. This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
- Linux
- Windows OS
- Networking
- Paessler
- Network Management
- Network Analysis, Network Operations
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month9 days, 15 hours left to enroll
624 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.