Re: Allow telnet to only one IP using host.deny or host.allow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim:
>> Though, I wouldn't allow telnet, at all. Are you sure you need it?
    
Jatin K:
> I'm also thinking like you ... no need to allow telnet .....but
> customer is the king .... he says the he wants telnet to server ...
> nothing can be done ...!!!

I'd ask to make sure whether he knows about alternatives.  He might be
able to SSH, but doesn't know it even exists.

Telnet being completely unencrypted makes it easy for anyone snooping to
capture passwords.  Though, having said that, most people fetch their
mail using a protocol that sends the passwords unencrypted, too.

> finally I've used both host file and iptables ...

Since you're making this public, you might want to look at something
like fail2ban, as well.  It adds IPs to a deny list, for a while, when
they make a few unsuccessful connection attempts.

On its own, telnet will allow someone to keep on hammering away at it
until they chance upon a working password.  The automatic banning script
makes the chances of succeeding very difficult.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.




-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux