From owner-freebsd-questions Sun Sep 21 21:36:45 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA10312 for questions-outgoing; Sun, 21 Sep 1997 21:36:45 -0700 (PDT) Received: from gdi.uoregon.edu ([128.223.170.30]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA10305 for ; Sun, 21 Sep 1997 21:36:41 -0700 (PDT) Received: from localhost (dwhite@localhost) by gdi.uoregon.edu (8.8.5/8.8.5) with SMTP id VAA04873; Sun, 21 Sep 1997 21:34:09 -0700 (PDT) Date: Sun, 21 Sep 1997 21:34:09 -0700 (PDT) From: Doug White Reply-To: Doug White To: Arthur Alacar cc: questions@FreeBSD.ORG Subject: Re: telnet restriction. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 20 Sep 1997, Arthur Alacar wrote: > > So you want to keep people from telnetting to ports other than the > > standard telnet port, 23? > > > > You might be able to do it with tcp_wrappers, write a script that strips > > off the final argument, or modify the telnet source to hardware the > > destination port. > > modify telnet source?.. well.. it could simply be done....as a matter of > fact.. i have changed the permission for this telnet command... but > unfortunately we have this some 'brilliant' users... who happened to get a > copy of this telnet file (saving it on his home dir) and used it..... so > this mechanism failed. Yuck. You'd have to restrict this further back, using ipfw I guess. This probably means that you have to approve uses of ports to release the filtering. That is a royal pain, virtually immobilizing possibly legitimate user programs. I'm curious to know what precipitated this need. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major Spam routed to /dev/null by Procmail | Death to Cyberpromo