- Path: sparky!uunet!cs.utexas.edu!zaphod.mps.ohio-state.edu!darwin.sura.net!spool.mu.edu!news.cs.indiana.edu!arizona.edu!telcom.arizona.edu!leonard
- Newsgroups: comp.protocols.tcp-ip
- Subject: Re: Telnet firewall help?
- Message-ID: <1992Nov23.090531.4024@arizona.edu>
- From: leonard@telcom.arizona.edu (Aaron Leonard)
- Date: 23 Nov 92 09:05:30 MST
- Reply-To: Leonard@Arizona.EDU
- References: <1992Nov23.130546.7563@atlastele.com>
- Distribution: world,local
- Organization: University of Arizona Telecommunications
- Nntp-Posting-Host: penny.telcom.arizona.edu
- Lines: 22
-
- In article <1992Nov23.130546.7563@atlastele.com>, brians@atlastele.com (Brian Sheets) writes:
-
- | Well here I sit with this new neato keen network stuff but, due to the nature
- | of our company I cannot hook it up until I can assure that nobody will be
- | able to telnet or make other unauthorized entries into our system.
- |
- | So other than turning off telnetd does anyone have any suggestions??
-
- Well there's a couple of ways of doing what you want to do. If your
- gateway to the Internet is a router that can handle per-port filtering
- (e.g. a cisco), then you can disallow packets coming into TCP port 23
- (TELNET) or 513 (rlogin) (you might want to filter out 514 [rsh], 21
- [FTP] and who knows what.)
-
- If you don't have that capability, you can put the filtering burden
- on all your hosts. Get a TCP/UDP master server that's capable of
- disallowing connects on a per-IP-address basis, such as TGV's
- MultiNet (VMS only) or the TCP_WRAPPER program on cert.sei.cmu.edu
- in pub/network_tools/tcp_wrapper.
-
- Aaron Leonard (AL104), <Leonard@Arizona.EDU>
- University of Arizona Network Operations, Tucson AZ 85721
-
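The two approaches in the reply, modelled as an added example that is not part of the original post: a gateway filter that drops inbound connects to the ports named above, and a default-deny per-address check on the host of the kind a wrapper program performs. The addresses, the allow list and all function names are constructed for illustration.

```python
import ipaddress

# TCP ports named in the post, keyed to their services.
SERVICES = {23: "telnet", 513: "rlogin", 514: "rsh", 21: "ftp"}
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed internal network

def gateway_permits(src, dst, dport):
    """Gateway filter: drop outside-to-inside connects to the listed ports.

    Simplification: direction is inferred from the addresses. A real router
    applies the filter on its external interface, so a forged inside source
    address arriving from outside is still treated as inbound.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    inbound = dst_ip in INSIDE_NET and src_ip not in INSIDE_NET
    return not (inbound and dport in SERVICES)

# Host-side allow list (constructed): service -> client networks permitted.
HOST_ALLOW = {
    "telnet": [ipaddress.ip_network("192.0.2.0/24")],
    "ftp": [ipaddress.ip_network("192.0.2.0/24"),
            ipaddress.ip_network("198.51.100.7/32")],
}

def host_permits(service, client):
    """Default deny: no entry for the service, or no matching network, refuses."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in HOST_ALLOW.get(service, []))

def connection_allowed(src, dst, dport, filtering_router=True):
    """Combine both layers; without a filtering router only the host check applies."""
    if filtering_router and not gateway_permits(src, dst, dport):
        return False
    service = SERVICES.get(dport)
    return service is not None and host_permits(service, src)

if __name__ == "__main__":
    attempts = [("203.0.113.5", "192.0.2.10", 23),   # outside telnet
                ("192.0.2.20", "192.0.2.10", 23),    # inside telnet
                ("198.51.100.7", "192.0.2.10", 21)]  # listed outside FTP client
    for src, dst, port in attempts:
        for router in (True, False):
            verdict = connection_allowed(src, dst, port, router)
            print(f"{src} -> {dst}:{port} router={router} allowed={verdict}")
```

With the gateway filter in place the listed outside FTP client is also cut off, since the filter acts on the port alone; the host-side list is what allows exceptions per address.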