On Mon, 15 Feb 1999, Pieter Claassen wrote:

> Just two questions please:
> 1. How do I civilly disable telnet login to a machine? We are running ssh
> and I don't want the telnet daemon to start.

/etc/inetd.conf will have a line like:

telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd

just comment it out (with a #), and killall -HUP inetd

> 2. We are fed up with ipfwadm. As soon as we enable ipfwadm -I -p -deny and
> only allow the specified ports to be open, then we get no traffic.

I used ipfwadm with no problem before ipchains.

It sounds (dare I say it), like operator error.

One thing you might try is adding a logging line as the final rule:

For example, the foot of my fw-rules script is:

# Testing - Log Everything That Makes It This Far
# ===============================================

#$IPFWAD -F -a reject -P all      -D 0.0.0.0/0 \
#                                 -S 0.0.0.0/0 \
#                                 -o

#$IPFWAD -I -a reject -P all      -D 0.0.0.0/0 \
#                                 -S 0.0.0.0/0 \
#                                 -o

#$IPFWAD -O -a reject -P all      -D 0.0.0.0/0 \
#                                 -S 0.0.0.0/0 \
#                                 -o

Which picks up all packets, inbound, outbound and forwarded that were
not matched by earlier rules, and logs them to syslog (when the
comment #'s are removed).

> Is there any way that I can test what services are running on what ports
> (i.e. if some of the services on the machine were started with non
> /etc/services port no.'s)

netstat -an will show you sockets in the 'LISTEN' state.

Using '/usr/sbin/fuser -n tcp <port number>' will give you the process
id. (Use -n udp for udp sockets).

> Question, is this possibly an ipfwadm problem and will it disappear if we go
> to ipchains?

Unlikely.

> Is anybody running anything else that is ok?

Both ipfwadm and ipchains run okay here on their respective kernels.

Regards,

Mark

+-------------------------------------------------------------------------+
Mark Cooke                  The views expressed above are mine and are not
Systems Programmer          necessarily representative of university policy
University Of Birmingham    URL: http://www.sr.bham.ac.uk/~mpc/
+-------------------------------------------------------------------------+
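
The listening-port check described in the reply above, as an added example that is not part of the original message: it reads saved `netstat -an` output and flags TCP listeners whose port has no entry in a services file. The function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Sample data is constructed.

# unlisted_listeners NETSTAT_OUTPUT SERVICES_FILE
# Prints each TCP port that is in LISTEN state in the saved `netstat -an`
# output but has no "<port>/tcp" entry in the services file.
unlisted_listeners() {
    awk '
        FILENAME == ARGV[1] {              # services database
            sub(/#.*/, "")                 # drop comments, fields re-split
            if ($2 ~ /^[0-9]+\/tcp$/) { split($2, p, "/"); known[p[1]] = 1 }
            next
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {   # netstat rows for listening TCP
            n = split($4, a, ":")          # local address is addr:port
            port = a[n]
            if (!(port in known) && !(port in seen)) { seen[port] = 1; print port }
        }
    ' "$2" "$1"
}

# write_samples DIR: constructed stand-ins for /etc/services and netstat -an
write_samples() {
    cat > "$1/services" <<'EOF'
ssh             22/tcp
telnet          23/tcp                  # still listed, even if disabled
smtp            25/tcp          mail
domain          53/udp
EOF
    cat > "$1/netstat.txt" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2323            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:1034           ESTABLISHED
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for port in $(unlisted_listeners "$demo_dir/netstat.txt" "$demo_dir/services"); do
    echo "port $port/tcp not in services; owner: /usr/sbin/fuser -n tcp $port"
done
rm -rf "$demo_dir"
```

On a live machine, save `netstat -an` to a file and pass it with /etc/services; a port registered only as udp (53 in the sample) is reported when something listens on it over tcp.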
