LinuxQuestions.org
Linux - Security
Old 08-24-2005, 08:43 AM   #1
hfawzy
Member
 
Registered: Aug 2002
Location: Egypt
Distribution: Debian Sarge, Slackware 10.0
Posts: 163
telnet port block


I'm trying to close the telnet port. I have tried to block it using the Guarddog firewall (internet section), and I tried several commands such as:
Quote:
iptables -A INPUT -p tcp --destination-port telnet -j DROP
But when I do an online system scan (Sygate), it prints out that telnet is open.
How do I properly close port 23 ?

Thank you.
 
Old 08-24-2005, 04:45 PM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Your rule should do the trick...

Is there a rule somewhere earlier in your INPUT chain that specifically allows connections to port 23? Also, I would rewrite your rule as:
Code:
 iptables -A INPUT --dport 23 -j DROP
No point in making your rule tcp specific, as wily crackers can tunnel malicious packets over a different protocol (i.e. UDP, ICMP).

Another thing: if you don't want people connecting to your telnet port, then don't run a telnet server... if nothing is listening on port 23 then no one can connect.
 
Old 08-24-2005, 07:13 PM   #3
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549
Are you sure you don't have some iptables script somewhere (eg. in one of the /etc/rc* files or directories) that's overriding what you do in Guarddog?
 
Old 08-24-2005, 07:17 PM   #4
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 257
Another possibility might be that the Sygate scan is actually hitting some other IP address (proxy, firewall, gateway). Be sure to check the IP address reported by the Sygate scan.
 
Old 08-24-2005, 07:52 PM   #5
primo
Member
 
Registered: Jun 2005
Posts: 542
Quote:
I'm trying to close telnet port. I have tried to block it using Guarddog firewall (internet section), and I tried several commands such :
Quote:
iptables -A INPUT -p tcp --destination-port telnet -j DROP
These "several commands" append rules to already existing firewall rules. See them all with "iptables -L -v". The first match wins, so you must check them all...
You could insert the telnet blocking rule as the first one with "-I", i.e.:
iptables -I INPUT -p tcp --dport 23 -j DROP
The right way is to analyze each rule.

Quote:
Also, I would rewrite your rule as:
Code:
 iptables -A INPUT --dport 23 -j DROP
No point in making your rule tcp specific, as wily crackers can tunnel malicious packets over a different protocol (i.e. UDP, ICMP).
This is clearly illegal and the command obviously fails because the port abstraction is used by both TCP & UDP. You must specify either tcp or udp.

Also, crackers could use any number != 23, so I don't understand your point.
Tunnels could be used in any protocol that the firewall allows. It doesn't invalidate the need for firewalling. You must know what kind of servers your machine runs with netstat. Use "netstat -ltpun"
mnemonic rules:
-l = listening
-t = tcp
-u = udp
-p = process' name
-n = numeric

Final note: keep your servers up to date.

Last edited by primo; 08-24-2005 at 07:54 PM.
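The following script is an added example, not code from this thread or from iptables itself. It reproduces on a constructed ruleset what posts #2 and #5 describe: an INPUT chain is evaluated top to bottom and the first matching rule wins, so a DROP appended with -A behind an earlier ACCEPT for port 23 never fires, while the same rule inserted with -I (position 1 by default) does. It also rejects --dport without -p tcp/udp, as real iptables does, and parses constructed "netstat -ltpun" output to show what is actually listening. The SERVICE_PORTS table stands in for /etc/services; the ruleset, the scanner address and the netstat sample are all made up for the demonstration.

```python
"""First-match-wins simulator for an iptables INPUT chain, plus a parser for
`netstat -ltpun` output. Added example; not part of the original thread."""
import ipaddress
import shlex

# Stand-in for the /etc/services lookup iptables does for --dport names.
SERVICE_PORTS = {"telnet": 23, "ssh": 22, "smtp": 25, "http": 80}


class RuleError(ValueError):
    """Raised for rules that real iptables would reject."""


def parse_rule(line):
    """Parse one `iptables -A/-I ...` command line into (action, position, rule)."""
    argv = shlex.split(line)
    if argv and argv[0] == "iptables":
        argv = argv[1:]
    rule = {"proto": None, "dport": None, "src": None, "target": None}
    action, pos, i = None, None, 0
    while i < len(argv):
        opt, arg = argv[i], (argv[i + 1] if i + 1 < len(argv) else None)
        if opt in ("-A", "-I"):
            action = opt                      # arg is the chain name
            i += 2
            if opt == "-I" and i < len(argv) and argv[i].isdigit():
                pos = int(argv[i])            # explicit insert position
                i += 1
            continue
        if opt == "-p":
            rule["proto"] = arg.lower()
        elif opt in ("--dport", "--destination-port"):
            rule["dport"] = int(SERVICE_PORTS.get(arg, arg))
        elif opt == "-s":
            rule["src"] = ipaddress.ip_network(arg, strict=False)
        elif opt == "-j":
            rule["target"] = arg
        elif opt == "-m":
            pass                              # match module name (e.g. -m tcp); nothing to record
        else:
            raise RuleError(f"unknown option {opt}")
        i += 2
    # --dport belongs to the tcp/udp match extension, so iptables only knows
    # the option once -p tcp or -p udp has loaded it.
    if rule["dport"] is not None and rule["proto"] not in ("tcp", "udp"):
        raise RuleError('--dport without -p tcp/udp (iptables: unknown option "--dport")')
    if action is None or rule["target"] is None:
        raise RuleError("rule needs -A/-I and -j")
    return action, pos, rule


class Chain:
    """One iptables chain: an ordered rule list plus a default policy."""

    def __init__(self, policy="ACCEPT"):
        self.rules, self.policy = [], policy

    def run(self, line):
        action, pos, rule = parse_rule(line)
        if action == "-A":
            self.rules.append(rule)                   # -A: goes to the end
        else:
            self.rules.insert((pos or 1) - 1, rule)   # -I: position 1 unless given

    def verdict(self, proto, dport, src):
        """First matching rule decides; otherwise the chain policy applies."""
        src_ip = ipaddress.ip_address(src)
        for n, r in enumerate(self.rules, 1):
            if r["proto"] and r["proto"] != proto:
                continue
            if r["dport"] is not None and r["dport"] != dport:
                continue
            if r["src"] and src_ip not in r["src"]:
                continue
            return r["target"], n
        return self.policy, None


def listening(netstat_output):
    """Map (proto, port) -> PID/program from `netstat -ltpun` output."""
    found = {}
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        port = int(f[3].rsplit(":", 1)[1])
        found[(f[0], port)] = f[-1]               # last column is PID/Program name
    return found


# Constructed sample output; not captured from any real host.
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      1234/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           543/dhclient
"""


def demo():
    """Replay the thread's situation on a constructed ruleset (policy DROP)."""
    chain = Chain(policy="DROP")
    for line in (
        "-A INPUT -s 192.168.1.0/24 -j ACCEPT",           # trust the LAN
        "-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT",    # allow rule left behind by a front end or rc script
        "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    ):
        chain.run(line)
    scanner = "203.0.113.5"                               # hypothetical external scanner
    before = chain.verdict("tcp", 23, scanner)
    chain.run("iptables -A INPUT -p tcp --destination-port telnet -j DROP")
    appended = chain.verdict("tcp", 23, scanner)          # rule 2 still wins; the DROP is rule 4
    chain.run("iptables -I INPUT -p tcp --dport 23 -j DROP")
    inserted = chain.verdict("tcp", 23, scanner)          # the DROP is now rule 1
    try:
        parse_rule("iptables -A INPUT --dport 23 -j DROP")
        bad = None
    except RuleError as e:
        bad = str(e)
    return before, appended, inserted, bad, listening(NETSTAT_SAMPLE)


if __name__ == "__main__":
    for label, value in zip(("before", "after -A", "after -I", "no -p", "listening"), demo()):
        print(f"{label}: {value}")
```

Note that -I without a position also puts the DROP ahead of the LAN ACCEPT, so LAN hosts lose telnet too; that is the price of "insert first" and is why post #5 says the right way is to analyze each rule. The netstat parser is there for the last check: if the listener is still in the table, the server is running regardless of what the firewall does.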
 