I accidentally stumbled on something here....
I wanted to access my server via telnet from my other computer connected via a different internet interface, but I hated to turn on the telnet port for security reasons of course.
What I did is actually turned it on for about 30 seconds, just long enough to log in to it, then I went back after I logged in and executed the command #/sbin/service xinetd restart after I ran ntsysv to turn it off again....The funny thing is I am still connected via telnet but no new sessions can be opened again....
Any thoughts on that...How secure is my connection afterward..Is it still unsecure as if the telnet port was still active or else .....
When a TCP-based application is loaded, the app has to register with TCP.
Servers do this when they issue a TCP passive open, while your client does this with an active open.
Once registered, the application "telnet" is linked with a virtual circuit to the TCP stack with a LISTEN state.
Your client sends a connection request, then the server issues a SYN-RECEIVED. Once the handshake has been made the circuit is ESTABLISHED, so by downing Telnet this circuit is still active until your client issues a FIN flag and tears down the connection.
Answering your question:
It's secure as your connection is the only one allowed since it established the handshake with telnet.
Someone will need to try and spoof your IP + guess and correctly match your next random sequence number in order to hijack your connection, which on Linux is close to impossible. "windows now that's a different matter"
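The behaviour described in the answer above, as an added example that is not part of the original thread: the listening socket is closed while one connection is already established, and only new connections are refused. It runs in a single process on loopback with an ephemeral port, standing in for xinetd and the telnet session (an assumption); the function name is hypothetical.

```python
import socket


def listener_closed_demo():
    """Return (established_still_works, new_connection_refused, peer_saw_fin)."""
    # Passive open: bind to an ephemeral loopback port and enter LISTEN.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    # Active open from the client; the handshake completes -> ESTABLISHED.
    client = socket.create_connection(("127.0.0.1", port), timeout=5)
    conn, _ = srv.accept()
    conn.settimeout(5)

    # Stand-in for stopping the service: the LISTEN socket goes away.
    srv.close()

    # The established session has its own socket and still carries data.
    client.sendall(b"still here\n")
    established_still_works = conn.recv(64) == b"still here\n"

    # A new active open to the same port finds no listener and is reset.
    try:
        socket.create_connection(("127.0.0.1", port), timeout=5).close()
        new_connection_refused = False
    except ConnectionRefusedError:
        new_connection_refused = True

    # The session ends only when one side closes (FIN): recv returns b"".
    client.close()
    peer_saw_fin = conn.recv(64) == b""
    conn.close()
    return established_still_works, new_connection_refused, peer_saw_fin


if __name__ == "__main__":
    print(listener_closed_demo())
```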
Hey thanks for the very technical explanation...good stuff!!!
Anyway it was just a thought. Of course it cannot be practical..I still need to think of a good firewall security solution for my box.
Thanks again.