Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I have a customer who is complaining that they can connect to prt y on IP x with telnet. They are seeing the following:
telnet x.x.x.x y
Connected to x.x.x.x.
Escape character is '^]'.
after some time the connection of course times out.
Connection closed by foreign host.
There is no telnet service running on this port so they cannot do anything, but they are complaining tht the fact that telnet "connects" is a security risk.
I am having difficulty explaining why they are able to connect with telnet. I know it has to do with the socket layer API in Linux but I am having difficulty explaining this sufficiently. I also can't just say "this is the way linux works" to them.
I am looking through "UNIX Network Programming" by W. Richard Stevens at this time, but any help on explaining this issue would be greatly appreciated.
If it were telnetd listening on that port I would expect a logon prompt. Since you are not seeing one, the question is "what is listening on that port and why????". Before you try to explain anything, someone had better figure out the answer to that question.
There ARE ports that SHOULD have listeners running on them. Some only on the loopback interface, some on the external interface, some on every interface. What and how many those are depends upon what the server is used for. (IT should only run what is needed for its function and management.)
What is the port number they are testing (y) and what KIND of IP address are they testing.
One thing that you can tell them off the top: telnet is often used for exactly this kind of port testing. The connection they see is not a security issue in and of itself, just an indicator that there is something listening on that port. That may be good or bad, but we cannot tell without knowing what the port is, and what is listening there.
Actually LDAP is running on the port. I understand that you can perform port testing by using Telnet and it is a valid way to determine if a port is open. I am just at a loss to explain why telnet shows as "connected". Is it because the BSD socket is protocol agnostic?
Based on what I am reading here
“For certain protocols which require an explicit confirmation, such as DECNet, accept() can be thought of as merely dequeuing the next connection request and not implying confirmation. Confirmation can be implied by a normal read or write on the new file descriptor, and rejection can be implied by closing the new socket. Currently only DECNet has these semantics on Linux.”
I believe what we are seeing is the connection of the request, but of course there is no actual confirmation because there is no telnet service running.