The in.telnetd daemon won't answer requests on port 25, the SMTP daemon (sendmail or
qmail etc.) will. But a telnet client really is just a TCP client. It does not
negotiate telnet options unless it is running on port 23 or prompted to by the initial
telnet conversation of the telnet daemon.
For example, here is the first packet after the 3-way handshake for a telnet
session (Ethereal view):
Frame 8 (78 on wire, 78 captured)
Arrival Time: Apr 27, 2002 23:23:37.048689000
Time delta from previous packet: 0.003990000 seconds
Time relative to first packet: 0.160703000 seconds
Frame Number: 8
Packet Length: 78 bytes
Capture Length: 78 bytes
Ethernet II
Destination: 00:50:18:09:be:62 (gateway)
Source: 00:80:c8:de:8b:7d (BILL-NT)
Type: IP (0x0800)
Internet Protocol, Src Addr: BILL-NT (192.168.0.148), Dst Addr: telnet.some.org (10.10.136.20)
Version: 4
Header length: 20 bytes
Type of service: 0x00 (None)
000. .... = Precedence: routine (0)
...0 .... = Delay: Normal
.... 0... = Throughput: Normal
.... .0.. = Reliability: Normal
.... ..0. = Cost: Normal
Total Length: 64
Identification: 0x0442
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x26b0 (correct)
Source: BILL-NT (192.168.0.148)
Destination: telnet.some.org (10.10.136.20)
Transmission Control Protocol, Src Port: 3765 (3765), Dst Port: telnet (23), Seq: 3492994653, Ack: 4185056258
Source port: 3765 (3765)
Destination port: telnet (23)
Sequence number: 3492994653
Next sequence number: 3492994677
Acknowledgement number: 4185056258
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64240
Checksum: 0xedd9 (correct)
Telnet
Command: Do Suppress Go Ahead
Command: Will Terminal Type
Command: Will Negotiate About Window Size
Command: Will Terminal Speed
Command: Will Remote Flow Control
Command: Will Linemode
Command: Will New Environment Option
Command: Do Status
==========================================================
The first packet is some telnet options.
Using the same client to an SMTP listener gets:
===================================================================================
Frame 38 (160 on wire, 160 captured)
Arrival Time: Apr 27, 2002 23:36:23.430858000
Time delta from previous packet: 0.677657000 seconds
Time relative to first packet: 35.762083000 seconds
Frame Number: 38
Packet Length: 160 bytes
Capture Length: 160 bytes
Ethernet II
Destination: 00:80:c8:de:8b:7d (BILL-NT)
Source: 00:50:18:09:be:62 (gateway)
Type: IP (0x0800)
Internet Protocol, Src Addr: smtp.some.org (10.10.136.20), Dst Addr: BILL-NT (192.168.0.148)
Version: 4
Header length: 20 bytes
Type of service: 0x00 (None)
000. .... = Precedence: routine (0)
...0 .... = Delay: Normal
.... 0... = Throughput: Normal
.... .0.. = Reliability: Normal
.... ..0. = Cost: Normal
Total Length: 146
Identification: 0xfdac
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 239
Protocol: TCP (0x06)
Header checksum: 0xbdf2 (correct)
Source: smtp.some.org (10.10.136.20)
Destination: BILL-NT (192.168.0.148)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 3846 (3846), Seq: 84154795, Ack: 3687763978
Source port: smtp (25)
Destination port: 3846 (3846)
Sequence number: 84154795
Next sequence number: 84154901
Acknowledgement number: 3687763978
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8760
Checksum: 0xe3b6 (correct)
Simple Mail Transfer Protocol
Response: 220
Parameter: smtp.some.org ESMTP Sendmail 8.11.6/8.11.6/SOME_f1_v3.03; Sat, 27 Apr 2002 23:35:58 -0400 (EDT)
===================================================================================
Which is just the SMTP startup response.
A telnet client doesn't send the telnet options unless it is connecting on port 23.
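The following is an added example, not code from this posting or from any list
member. It decodes the telnet IAC option negotiation shown in the first packet
dump and labels a session's first payload as telnet negotiation or plain protocol
text, which is the distinction behind the earlier suggestion (in the quoted
messages below) of filtering telnet clients on port 25 by their options. The byte
values are the standard RFC 854/855 telnet codes; both sample payloads are
constructed by hand from the two packet dumps above, not taken from a capture
file. As the thread notes, a raw TCP client such as mconnect sends no options, so
the "plain-text" result only says the peer is not a telnet client, not that it is
a real mail transfer agent.

```python
from __future__ import annotations

# Added example (not code from the list posting): decode the telnet option
# negotiation a telnet client sends right after the TCP handshake, and label
# a session's first payload as telnet negotiation or plain protocol text.
# Byte values are the RFC 854/855 telnet codes; the sample payloads below are
# constructed by hand from the two packet dumps quoted in the thread.

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "Do", DONT: "Don't", WILL: "Will", WONT: "Won't"}
# Option numbers for the options visible in the thread's telnet capture.
OPTIONS = {
    3: "Suppress Go Ahead",
    5: "Status",
    24: "Terminal Type",
    31: "Negotiate About Window Size",
    32: "Terminal Speed",
    33: "Remote Flow Control",
    34: "Linemode",
    39: "New Environment Option",
}


def parse_telnet_commands(payload: bytes) -> list[tuple[str, str]]:
    """Return (verb, option) pairs for each IAC sequence at the start of
    payload, stopping at the first byte that is not telnet negotiation.
    Handles a truncated sequence, IAC IAC (an escaped 0xFF data byte) and
    subnegotiation blocks (IAC SB ... IAC SE)."""
    cmds: list[tuple[str, str]] = []
    i, n = 0, len(payload)
    while i < n and payload[i] == IAC:
        if i + 1 >= n:
            break                     # lone IAC at the end of the segment
        cmd = payload[i + 1]
        if cmd == IAC:
            break                     # escaped data byte: negotiation is over
        if cmd in VERBS:
            if i + 2 >= n:
                break                 # verb without its option byte
            opt = payload[i + 2]
            cmds.append((VERBS[cmd], OPTIONS.get(opt, f"option {opt}")))
            i += 3
        elif cmd == SB:
            end = payload.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break                 # unterminated subnegotiation
            opt = payload[i + 2] if i + 2 < end else -1
            cmds.append(("Subnegotiation", OPTIONS.get(opt, f"option {opt}")))
            i = end + 2
        else:
            i += 2                    # NOP, AYT and similar carry no option
    return cmds


def classify_first_payload(payload: bytes) -> str:
    """Label the first data bytes a peer sends: a telnet client opens with
    IAC negotiation, while SMTP (or a raw TCP client such as mconnect or
    netcat) sends only text. A "plain-text" result therefore does not prove
    the peer is a real mail transfer agent, which is the weakness of
    filtering on telnet options that the thread points out."""
    return "telnet-negotiation" if payload[:1] == bytes([IAC]) else "plain-text"


# Constructed from the telnet packet above: 8 three-byte commands = 24 bytes,
# matching its IP Total Length of 64 minus 20 (IP) minus 20 (TCP).
TELNET_FIRST_PAYLOAD = bytes([
    IAC, DO, 3, IAC, WILL, 24, IAC, WILL, 31, IAC, WILL, 32,
    IAC, WILL, 33, IAC, WILL, 34, IAC, WILL, 39, IAC, DO, 5,
])

# Constructed from the SMTP 220 banner above (server speaks first on port 25).
SMTP_BANNER = (b"220 smtp.some.org ESMTP Sendmail 8.11.6/8.11.6/SOME_f1_v3.03; "
               b"Sat, 27 Apr 2002 23:35:58 -0400 (EDT)\r\n")


if __name__ == "__main__":
    for label, data in (("port 23 client", TELNET_FIRST_PAYLOAD),
                        ("port 25 server", SMTP_BANNER)):
        print(label, "->", classify_first_payload(data))
        for verb, opt in parse_telnet_commands(data):
            print("   ", verb, opt)
```

Run stand-alone it prints the eight Do/Will commands from the telnet dump and
"plain-text" for the SMTP banner. The parser deliberately stops at the first
non-IAC byte, so it can be pointed at the raw first segment of a session
without first stripping the TCP/IP headers.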
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of kk downing
Sent: Fri April 26 2002 22:48
To: Bill Royds; Pascal C. Kocher; Chris Lee; [EMAIL PROTECTED]
Subject: RE: blocking telnet to port 25
I was thinking about this and what on the server side
sets up the client virtual terminal (the IAC - will do,
won't do, suppress go ahead etc.)? in.telnetd won't
answer the call as the destination port is 25?
--- Bill Royds <[EMAIL PROTECTED]> wrote:
> Several firewalls support separating this (Raptor,
> Cisco PIX, Gauntlet), but all the spammer/intruder
> needs to do is use a client that doesn't send telnet
> options such as the Solaris mconnect command. So the
> trick of blocking clients that send telnet options
> doesn't really work.
> SMTP uses TCP port 25. You can't block 25/tcp
> without also blocking SMTP, although you can
> restrict it to SMTP only.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Pascal C. Kocher
> Sent: Thu April 25 2002 21:21
> To: Chris Lee; [EMAIL PROTECTED]
> Subject: RE: blocking telnet to port 25
>
>
> Hello Chris
>
> > Sayed Peerzade wrote:
> >
> > > Hello,
> > >
> > > I'm a systems engineer in an ISP handling mail
> servers, I also handle
> > > checkpoint.
> > > please tell me how to block telnet to port 25,
> keeping normal telnet to
> > > perform normally on mail server (netscape
> messaging server
> > running on
> > > solaris OS)
> > > you can tell me method to block either in
> checkpoint or on mail server
> > > itself.
> > > Thanks and regards.
> > >
> > > Sayed K.Peerzade.
> >
> > From: Chris Lee [mailto:[EMAIL PROTECTED]]
> >
> > If you want mail to get through, you can't.
> >
> > Chris
>
> This is wrong. You are still able to get mail
> through port 25 and not
> allowing telnet (at least telnet clients) to connect
> to the mailserver
> over this port. Telnet sends options upon connection
> (like Terminal
> Type) which a regular SMTP Connection would not
> send. Based on this you
> could filter out telnet connections. Although I don't
> know of any
> firewall product which supports this.
>
> Best regards,
> Pascal.
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> For Account Management (unsubscribe, get/change
> password, etc) Please go to:
> http://lists.gnac.net/mailman/listinfo/firewalls