At 01:32 PM 4/15/01 -0400, Fred Danson wrote:
> >Anyway, here is what you could do
> >     Public        Private
> >63.1.1.1 :23    192.168.1.23 :23
> >63.1.1.1 :24    192.168.1.24 :23
> >63.1.1.1 :25    192.168.1.25 :23
> >63.1.1.1 :26    192.168.1.26 :23
>
>I wasn't aware that it is possible to manipulate the port used to telnet. So
>using your example above, I would telnet to device 1 using the outside
>destination port of 23, telnet to device 2 using the outside destination
>port of 24, telnet to device 3 using the outside destination port of 25? Is
>it possible to do this? Would telnet work with ports other than 23? Could
>anyone clarify this please?
>
>Thanks for the help,
>Fred

Absolutely.  They are just daemons using a socket library.  They can bind 
to any port they want and you can get the same result.  As long as the 
client connects to the right server listening port, they do not care.  The 
main reason why they initially set it up so that certain ports belong to 
certain services is to avoid confusion on the clients.  So client software 
can be written to always connect to the 'well-known' port as opposed to 
some random port.  Any well written client can choose which port to connect 
to, and if not specified, they default to the well known port.

telnet 63.1.1.1 26
that would work for most telnet clients.

However, this is not the case up here.  In this case, even more the reason 
why it would work.

Specifically here though, we are just redirecting from the external ip:port 
to some internal ip:port.  We are still communicating with an inside host 
at port 23 (well known telnet port).  All they are doing up there is 
remapping from external ip:port to internal ip:port.  However, always 
remember, a daemon can bind to any port they want.  You can tell your unix 
telnetd to bind to port 3922 or some other port.

I suppose it is some feeble form of security, but since a good portscanner 
will find your "hidden" daemon anyway, I would not try to use this as a 
form of security.  (i.e., putting listening ports on say 6073).

-Carroll Kong
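
The mapping discussed in this thread, as an added example that is not part of the original messages: two toy daemons bind to whatever port the OS hands out, and a user-space relay stands in for the router's outside ip:port to inside ip:port translation. A real NAT device rewrites packet headers rather than proxying; the function names, banners and loopback addresses are assumptions made for the sketch.

```python
import socket
import threading

def start_daemon(banner, port=0):
    """Toy 'telnetd': binds to any port (0 = OS picks one) and sends a banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", port))
    srv.listen()
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed
                return
            with conn:
                conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv

def start_port_map(inside, port=0):
    """Toy static port mapping: outside port -> inside (ip, port)."""
    out = socket.socket()
    out.bind(("127.0.0.1", port))
    out.listen()
    def relay():
        while True:
            try:
                client, _ = out.accept()
            except OSError:
                return
            # One-shot, one-direction relay: enough to carry the banner back.
            with client, socket.create_connection(inside, timeout=2) as backend:
                client.sendall(backend.recv(1024))
    threading.Thread(target=relay, daemon=True).start()
    return out

def read_banner(host, port):
    """What a client sees when it connects to host:port."""
    with socket.create_connection((host, port), timeout=2) as s:
        return s.recv(1024)

def demo():
    """Two inside daemons, each reached through its own outside port."""
    results = {}
    for name in (b"device-1", b"device-2"):      # constructed sample hosts
        daemon = start_daemon(name + b" login: ")
        mapping = start_port_map(daemon.getsockname())
        results[name] = read_banner("127.0.0.1", mapping.getsockname()[1])
    return results

if __name__ == "__main__":
    print(demo())
```

The client only needs the outside port number; a plain connect to that port returns the service banner, which is also why moving a daemon to an unusual port hides nothing.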




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=722&t=717