From owner-freebsd-security Thu Mar 14 9:53:45 2002
Message-ID: <003501c1cb81$2e12faa0$e8cede18@xeno>
From: "N. J. Cash"
To: "FreeBSD Security"
Subject: telnet / ipfw question
Date: Thu, 14 Mar 2002 13:53:42 -0400

I have telnet enabled on my system running 4.5-stable and have it hidden behind very strict ipfw rules so that the only IP that has access to the box on port 23 is my home static IP; everything else is denied by the firewall. I'm well aware of the risks of having telnet open and how insecure it can be, so I'm just looking for some input here if this sounds like a safe way to have the daemon running on a system. Would there still be security risks involved that I'm not aware of running it this way?

Here's basically what's going on in ipfw for port 23.

    ipfw add 1400 allow log tcp from x.x.myip.x.x to any 23
    ipfw add 09000 deny log ip from any to any

Look safe?
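How ipfw's first-match evaluation treats the two rules quoted above, as an added example that is not part of the original post. The parser covers only the syntax subset seen in those rules; `HOME_IP` stands in for the masked address, `SERVER_IP` and the sample packets are constructed, and a deny default rule is assumed.

```python
import ipaddress
from typing import NamedTuple, Optional

HOME_IP = "192.0.2.10"      # placeholder; the post masks the real address
SERVER_IP = "198.51.100.5"  # constructed address for the FreeBSD box

RULES_TEXT = f"""ipfw add 1400 allow log tcp from {HOME_IP} to any 23
ipfw add 09000 deny log ip from any to any"""

class Rule(NamedTuple):
    number: int
    action: str
    proto: str
    src: str
    dst: str
    dst_port: Optional[int]

class Packet(NamedTuple):
    proto: str
    src: str
    src_port: int
    dst: str
    dst_port: int

def parse_rule(line: str) -> Rule:
    """Parse only the subset of ipfw syntax that appears in the post."""
    tok = [t for t in line.split() if t != "log"]
    tok = tok[tok.index("add") + 1:]   # number action proto from S to D [port]
    f, t = tok.index("from"), tok.index("to")
    port = int(tok[t + 2]) if len(tok) > t + 2 else None
    return Rule(int(tok[0]), tok[1], tok[2], tok[f + 1], tok[t + 1], port)

def addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, pkt: Packet):
    """Return (rule number, action) of the first match, lowest number first."""
    for r in sorted(rules, key=lambda r: r.number):
        if (r.proto in ("ip", pkt.proto) and addr_ok(r.src, pkt.src)
                and addr_ok(r.dst, pkt.dst) and r.dst_port in (None, pkt.dst_port)):
            return r.number, r.action
    return 65535, "deny"  # assumption: the kernel's default rule is deny

RULES = [parse_rule(line) for line in RULES_TEXT.splitlines()]

if __name__ == "__main__":
    for label, pkt in [
        ("home -> telnet", Packet("tcp", HOME_IP, 40000, SERVER_IP, 23)),
        ("other -> telnet", Packet("tcp", "203.0.113.7", 40000, SERVER_IP, 23)),
        ("telnet reply -> home", Packet("tcp", SERVER_IP, 23, HOME_IP, 40000)),
    ]:
        print(label, evaluate(RULES, pkt))
```

With only these two rules the server's replies from port 23 also fall through to rule 9000, so the complete ruleset has to pass return traffic somewhere else.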