From: "Network Admin"
Date: Wed, 11 Aug 2004 11:36:45 -0700
Subject: Curious action
Message-ID: <000801c47fd2$28f8a4e0$6751190a@BARTON000242>
List-Id: CVS Web maintenance mailing list

Xinetd version: xinetd-2.1.8.9pre14-5mdk

Recently I was demonstrating how easy it was to disable a service using xinetd. The service I picked was telnet.
I added "disabled = yes" to the telnet definition in the xinetd.d directory and then restarted xinetd so the changes took effect.

The next time I tried to connect the server gave me the "refused connection" message as expected. However, shortly after the first attempt, I tried it again and presto up came the login prompt. I did a netstat on the server and there was port 23 listed as open.

I once again restarted xinetd and immediately checked for port 23 but it was nowhere to be seen. I then tried connecting three times in a row and each time I got the "refused connection" message. "Ah-hah", I thought, "that fixed it!" However, after waiting for a few minutes, I once more tried to connect and up came the login prompt again.

Very curious!

My next move was to completely remove the definition from the xinetd.d directory. This time the telnet service stayed dead. I waited 1/2 hour and tried again and the telnet session was still dead.

I moved the telnet definition file back into the xinetd.d directory, restarted xinetd and tried again. Still dead. Waited 5 minutes and tried again and presto, like magic it was back again. "Talk about reliability!!!!"

My solution is to just remove the definition for the time being. Possibly upgrading to the latest version of xinetd will resolve this glitch. If not, at least someone will know about it and possibly correct it in a later version.

My telnet definition file looks like this:

service telnet
{
        flags           = REUSE
        log_on_failure  += USERID
        socket_type     = stream
        user            = root
        server          = /usr/sbin/in.telnetd
        wait            = no
        only_from       = 10.25.0.0/16
        disable         = Yes
}

Ken Smith
Network Engineer
Barton Insurance Brokers Ltd
TEL: (604)703-7056
FAX: (604)703-7099
ksmith@barton.ca

"FAILURE is not an option ... it's built in to all MicroSoft products!"
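
Added example, not part of the original message and not xinetd's own code: a check that compares which services an xinetd.d file marks as disabled against the ports actually listening, which is the mismatch the message describes finding by hand with netstat. The sample netstat output, the PORTS table and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: the telnet definition as posted in the message.
SAMPLE_XINETD = """\
service telnet
{
    flags          = REUSE
    log_on_failure += USERID
    socket_type    = stream
    user           = root
    server         = /usr/sbin/in.telnetd
    wait           = no
    only_from      = 10.25.0.0/16
    disable        = Yes
}
"""
# Constructed sample of `netstat -ltn` output (not from the message).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp        0      0 0.0.0.0:23     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22     0.0.0.0:*        LISTEN
"""
PORTS = {"telnet": 23}  # assumed subset of /etc/services

def parse_services(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services = {}
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        pairs = (re.match(r"\s*(\w+)\s*[-+]?=\s*(.*?)\s*$", ln) for ln in body.splitlines())
        services[name] = {m.group(1): m.group(2) for m in pairs if m}
    return services

def listening_ports(netstat_text):
    """Return the set of TCP ports in LISTEN state."""
    ports = set()
    for fields in map(str.split, netstat_text.splitlines()):
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def drift(config_text, netstat_text, ports=PORTS):
    """Services marked disabled in the config whose port is still listening."""
    open_ports = listening_ports(netstat_text)
    # Case-insensitive on purpose: this records the admin's intent ("Yes"),
    # not how xinetd itself parses the value.
    return sorted(n for n, a in parse_services(config_text).items()
                  if a.get("disable", "no").lower() == "yes" and ports.get(n) in open_ports)
```

Run on a schedule against live `netstat -ltn` output, a non-empty result from drift() flags a service that has come back after being disabled, including one that reappears minutes after the restart.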