>>That's impossible (there isn't any way to tell whether someone is
>>connecting with telnet, or if a program is connecting).....
>
>no, I think some packet filters can block by tcp application protocol
>(where telnet protocol is not the same as smtp protocol).

It definitely is possible to block telnet (port 23) while still allowing
SMTP (port 25).

The problem is that the telnet program can be used to connect to any
port. If someone runs telnet, and connects to port 25, there is no way to
detect that it is a telnet session and not a mailserver connecting.

A firewall can, as someone pointed out, detect the small packets (a telnet
client will typically send only a few characters at a time, depending on
how fast you type, whereas a program will typically send a full line at a
time). However, this is not foolproof, as there are some mailservers that
will split output into more than one packet, and there are some telnet
programs that send line-by-line (rather than character-by-character). And,
you can just cut and paste into a telnet program.

But, there is little damage that can be done by telneting to port 25 that
can't be accomplished just as easily with a mail client (telneting lets you
easily forge the return address, but any mail client can do that). Also,
telneting to port 25 doesn't allow for mistakes -- if you type the wrong
character, you can't backspace to fix it. I often telnet to port 25 for
diagnostic means, but can't imagine someone doing much damage that way.

-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
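
The small-packet heuristic discussed in the message above, as an added example that is not part of the original e-mail or of any product named in it. It scores client-to-server payloads on port 25 and shows where the heuristic stops working. The thresholds, function names and sample sessions are assumptions constructed for illustration.

```python
# Added example: small-packet heuristic for client->server payloads on port 25.
# Thresholds and sample sessions are constructed, not taken from a real capture.

MAX_KEYSTROKE_BYTES = 3   # assumption: one keystroke, or a bare CRLF
TYPED_THRESHOLD = 0.8     # assumption: share of tiny payloads that means "typed"


def tiny_segment_ratio(segments):
    """Share of non-empty TCP payloads no larger than a keystroke."""
    payloads = [s for s in segments if s]  # skip ACK-only segments
    if not payloads:
        return 0.0
    tiny = sum(1 for p in payloads if len(p) <= MAX_KEYSTROKE_BYTES)
    return tiny / len(payloads)


def partial_line_ratio(segments):
    """Share of non-empty payloads that stop before the end of a line."""
    payloads = [s for s in segments if s]
    if not payloads:
        return 0.0
    return sum(1 for p in payloads if not p.endswith(b"\n")) / len(payloads)


def looks_typed(segments):
    """Flag a session as hand-typed when most payloads are keystroke-sized."""
    return tiny_segment_ratio(segments) >= TYPED_THRESHOLD


COMMANDS = [b"HELO client.example\r\n", b"MAIL FROM:<a@example.com>\r\n",
            b"RCPT TO:<b@example.net>\r\n", b"QUIT\r\n"]

# Constructed sessions: each value is the list of TCP payloads the client sent.
SESSIONS = {
    "mail server, one line per packet": COMMANDS,
    "telnet, character at a time": [bytes([b]) for c in COMMANDS for b in c],
    "telnet, line mode or pasted": COMMANDS,   # identical on the wire
    "mail server splitting lines": [part for c in COMMANDS
                                    for part in (c[:4], c[4:])],
}

if __name__ == "__main__":
    for name, segs in SESSIONS.items():
        print(f"{name:34} tiny={tiny_segment_ratio(segs):.2f} "
              f"partial={partial_line_ratio(segs):.2f} typed={looks_typed(segs)}")
```

Only the character-at-a-time session is flagged. The line-mode or pasted session produces exactly the payloads of a mail server, and the line-splitting server already has half its payloads ending mid-line, so a rule keyed on partial lines alone would misjudge it.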