Board index Linux Networking

Telnet security...

Telnet security...

Post by Benjamin Schweize » Sun, 26 Jul 1998 04:00:00




> Hello all -
> Is there any way I can set up telnet to only allow access from certain IP's
> under Linux?  I've got a linux box running on two different networks - one
> private, and one hooked to the internet.  (Same network as my web & mail
> servers).  Is there any way I can set up the telnet service to only allow
> connections from a certain IP range?  I love the possibility of setting up a
> Linux box that needs no keyboards, mice or monitors, but I don't want to give
> every hacker and his brother the opportunity to break in.

See /etc/hosts.deny and /etc/hosts.allow:

---
hosts.deny:
ALL:ALL
---
hosts.allow:
ALL:192.168.0.
---

hosts.allow has a higher priority than hosts.deny. 192.168.0. masks the local
network. You can also define friends on foreign networks. See man 8 tcpd for
help.

regards
  -Benjamin

--

dem   Billygotchi   nicht   an  irgendeinem  Lowlevel-Setup  rumdrehen.
Heute  die  Uhr,  morgen die Partitionstabelle -  wehret den Anfaengen!

 
 
 
Top

Telnet security...

Post by Henrik Storn » Sun, 26 Jul 1998 04:00:00



>Is there any way I can set up telnet to only allow access from certain IP's
>under Linux?  

Yes, you can do this easily with tcp_wrappers, which is quite commonly
installed by default on Linux systems. Look into the /etc/hosts.allow
and /etc/hosts.deny files - 'man hosts.deny' on my machine has some
examples.

--
Henrik Storner  |  "testing? What's that? If it compiles, it is good,
                |   if it boots up it is perfect."
                |                                    Linus Torvalds

 
 
 
Top

Telnet security...

Post by Steve Grime » Tue, 28 Jul 1998 04:00:00


Benjamin,
Wouldn't it be possible for some hacker to spoof their IP address and
gain telnet access? Say, my real IP address was 204.123.12.10 and I made
the person's computer I was trying to hack into see 192.168.0.1
Would I gain telnet access?

Thanks,
Steve


> See /etc/hosts.deny and /etc/hosts.allow:

> ---
> hosts.deny:
> ALL:ALL
> ---
> hosts.allow:
> ALL:192.168.0.
> ---

> hosts.allow has a higher priority than hosts.deny. 192.168.0. masks the local
> network. You can also define friends on foreign networks. See man 8 tcpd for
> help.

> regards
>   -Benjamin

> --

> dem   Billygotchi   nicht   an  irgendeinem  Lowlevel-Setup  rumdrehen.
> Heute  die  Uhr,  morgen die Partitionstabelle -  wehret den Anfaengen!

 
 
 
Top

Telnet security...

Post by Miguel Cr » Tue, 28 Jul 1998 04:00:00



Quote:>Wouldn't it be possible for some hacker to spoof their IP address and
>gain telnet access? Say, my real IP address was 204.123.12.10 and I made
>the person's computer I was trying to hack into see 192.168.0.1
>Would I gain telnet access?

Only if you could get 192.168.0.1 routed to their computer and back. This
means you'd have to have control of the routers in between (since almost all
routers drop 192.168 packets) or be on the same local network.

miguel

 
 
 
Top

Telnet security...

Post by Horst von Bran » Fri, 07 Aug 1998 04:00:00



> Is there any way I can set up telnet to only allow access from certain IP's
> under Linux?

tcpd(8), also known as tcpwrappers.
--

Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513
 
 
 
Top

1. Telnet Security

I want to disable certain users from telneting into a
RedHat Linux 5.1 machine altogether, is this possible?
Actually disabling certain users from using ftp, rsh,
rlogin, and anything else would be cool too.

--
Bryan Stevenson
BMH Associates, Inc.

2. QUESTION: Device Driver for VME/DMA parms on HP-UX 10.20 743i

3. telnet security

4. Perl and Tcl/Tk: How important are they?

5. Telnet security

6. Sony TSL-9000 DAT Autoloader/Phobos P430 Quadport net card

7. how to start apps upon reboot ?

8. telnet security

9. Telnet security

10. telnet security

11. Telnet security


All times are UTC
Board index