[plug] telnet on Mandrake

Christian christian at global.net.au
Fri Dec 3 16:06:39 WST 1999


On Fri, 3 Dec 1999, Kenworthy Family wrote:

> Security feature or bug? - to me if it stops you doing something that up to now
> has been normal practice, and have not clearly, and easily findably documented
> the fact, then its a bug!!!  I have no evidence other than telnet into the box
> not working that any extra security has been implemented.  As well, telnet does
> connect, brings up the escape key message, then disconnects - where's the
> security there unless disabling a very useful feature of a networking operating
> system is security - may as well pull the network cable.  The above winge
> becomes irrelevant if it is Mandrakes normal precise to disable telnet access -
> but their FAQ website etc makes no real fuss over it being any more secure than
> other distro's - or appears to mention telnet in particular.

In your case it appears that this isn't a security feature since, the
behaviour you describe would likely be caused by tcpwrappers (which it
isn't given what you said before unless perhaps it is a problem with the
paranoid option: make sure your machine's name and IP resolve correctly to
one another; in fact, this is probably it given you described a long
timeout period before the telnet connection closes). Another thing to
check is the telnet entry in /etc/inetd.conf: grep telnet /etc/inetd.conf
-- make sure that the in.telnetd server is in the correct place as given
by that file. 

As for what you say about disabling an important feature, I think you are
very, very wrong.  Telnet isn't an important feature to most users
(especially home users which I think Mandrake is somewhat targetted at).
Furthermore, leaving such a feature disabled by default is the most
intelligent thing to do security-wise: those users who don't use telnet
are protected and can ignore it, those who need telnet can specifically
enable it and thus be aware that there is another potential entrance to
their machine.  It certainly is an important feature and it is certainly
still there, you just have to enable it if you need it.  As for pulling
the networking cable, I don't believe Mandrake plugs your network cabling
in for you either -- yet you don't complain about that.  Switching on
telnet is as trivial as plugging in a networking cable and, I think it's
fair to say, those who don't know how to do it probably don't need to run
telnet (or at least they shouldn't!).

Regards,

Christian.

============================================================================
"Those who do not understand Unix are condemned to reinvent it, poorly."
                					-- Henry Spencer



More information about the plug mailing list