From owner-freebsd-questions  Sun May 27 14: 2:50 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp012.mail.yahoo.com (smtp012.mail.yahoo.com [216.136.173.32])
	by hub.freebsd.org (Postfix) with SMTP id 7D07A37B424
	for <questions@freebsd.org>; Sun, 27 May 2001 14:02:46 -0700 (PDT)
	(envelope-from sky_tracker@yahoo.com)
Received: from hse-toronto-ppp3489010.sympatico.ca (HELO d.tracker) (65.92.114.69)
  by smtp.mail.vip.sc5.yahoo.com with SMTP; 27 May 2001 21:02:46 -0000
X-Apparently-From: <sky?tracker@yahoo.com>
Received: (from david@localhost)
	by d.tracker (8.11.3/8.11.3) id f4RM2T804173;
	Sun, 27 May 2001 22:02:29 GMT
	(envelope-from david)
Date: Sun, 27 May 2001 17:02:28 -0500
From: David Banning <sky_tracker@yahoo.com>
To: Lim Seng Chor <Lim.Seng.Chor@sit.edu.my>
Cc: david@banning.com, questions@FreeBSD.ORG
Subject: Re: telnet security question
Message-ID: <20010527170228.B4092@yahoo.com>
Reply-To: David Banning <david@banning.com>
References: <200105270809.f4R89ZB01609@d.tracker> <3B11271E.13364.8EF1A94@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <3B11271E.13364.8EF1A94@localhost>; from Lim.Seng.Chor@sit.edu.my on Sun, May 27, 2001 at 04:22:39PM +0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I notice you didn't mention a firewall. What would be your reasons 
for the points you suggested versus a firewall, which was someone 
else's suggestion?

On Sun, May 27, 2001 at 04:22:39PM +0800, Lim Seng Chor wrote:
> 
> (1) Block the telnet packet to your destination host at your 
> router/gateway
> (2) use tcp_wrapper + inetd, allow only access to telnetd from local 
> network
> (3) using xinetd and block all non local subnet telnet request
> (4) use /etc/login.access to block the non local login
> (5) define your login class at /etc/login.conf
> 
> you can use either one of the above according to your need.
> if you have any questions or need any info/instruction how to do, 
> just ask.
> good luck! : )
> 
> 
> On 27 May 2001, at 8:09, David Banning wrote:
> 
> > Is there a way to allow users on our local area network to telnet into
> > the server, but block telnet access to the server from the internet?
> > 
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> 
> 
> 

-- 
You have a tendency to feel you are superior to most computers.

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message