Hello [EMAIL PROTECTED] list member,
In connection with the discussion on this list about restricting Telnet in
MDaemon, I forwarded the question to the MDaemon Forum. Here is one of the
interesting answers from one of the members, which I have copied:
---start copy ---
There is no "telnet" negotiation. Terminal emulation (the
aforementioned do's and don'ts) is a function of the daemon accepting
the incoming connection at the protocol level. What you're asking
about is connection-level filtering based on client type and that's
impossible. Opening a telnet connection to port 25/110/143 looks
EXACTLY like a SMTP/POP/IMAP connection TCP connection-wise. Opening
telnet instantiates a TCP connection exactly the same way your SMTP
server or Web server or even an SSL server does. It's up to the
protocol (SMTP,HTTP,POP) to negotiate connection terms and access
restrictions. Telnet as in a telnet connection is just a raw data
stream. There's no protocol that is "telnet". That's why you can
telnet to SMTP to perform tests. I could sit with my telnet connection
on your MDaemon server and send valid SMTP commands and data all day
and you'd never be able to distinguish the difference between me and a
real SMTP server. Authentication is a protocol function, not a
connection function. Telnet "client" filtering is fundamentally
impossible from a connection/TCP standpoint.
For filtering hackers, it's a simple matter to write a Perl script
that does a tcp_open() and bingo - instant TCP connection. No hacker
is going to check for a buffer overflow using Telnet. There's all
sorts of specialized software for that, even for your run-of-the-mill
14-year-old 3l33T 5Kr1pT3r (elite scripters - sorry it's late) that
don't know anything about programming.
Jason McCormick
Network/Systems Administrator
Lexi-Comp, Inc.
330-650-6506 x 239
[EMAIL PROTECTED]
-----Original Message-----
From: Syafril Hermansyah <[EMAIL PROTECTED]>
To: "md-beta List Member" <[EMAIL PROTECTED]>
Date: Thu, 1 Mar 2001 10:21:47 +0700
Subject: [md-beta] Telnet Restriction
---end of copy---
And a small addition from Jason Froikin <[EMAIL PROTECTED]> :
---start copy ---
Jason McCormick ([EMAIL PROTECTED]) cried out on 2/28/01 11:12 PM:
> There is no "telnet" negotiation. Terminal emulation (the
> aforementioned do's and don'ts) is a function of the daemon accepting the
> incoming connection at the protocol level. What you're asking about is
> connection-level filtering based on client type and that's impossible.
Telnet isn't a protocol. It's an absence of high-level protocols, just a
straight text stream over standard networking protocols (Ethernet, PPP,
etc).
---end of copy---
--
Best regards,
- Syafril -
************************************************************************
Name : Syafril Hermansyah |Company: Duta Integrasi Pratama
Mailto: <[EMAIL PROTECTED]> |Voice : (62) (21) 385-1600
FAXto : (62)(21)351-9241 key:000FAX |URL : <http://www.dutaint.co.id>
************************************************************************
Created : 01 March 2001, 20:41:22
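The point made in the quoted replies, shown as an added example that is not part of the original e-mail or of MDaemon: a loopback-only toy SMTP responder records everything it receives from a real SMTP client library and from a bare TCP socket typing the same lines, the way a person at a telnet prompt would. The host names `client.example` and `test.invalid` and the command list are constructed for the demonstration.

```python
import smtplib
import socket
import threading

# Constructed session; client.example and test.invalid are placeholder names.
COMMANDS = ["helo client.example", "noop", "quit"]

def serve_once(listener, log):
    """Minimal SMTP responder; the lines it records are all it learns about the peer."""
    conn, _ = listener.accept()
    seen = []
    with conn, conn.makefile("rb") as f:
        conn.sendall(b"220 test.invalid ESMTP\r\n")
        for raw in f:
            seen.append(raw.decode("ascii").strip())
            done = seen[-1].lower() == "quit"
            conn.sendall(b"221 bye\r\n" if done else b"250 ok\r\n")
            if done:
                break
    log.append(seen)

def library_client(port):
    """A real SMTP client implementation (Python's smtplib)."""
    s = smtplib.SMTP("127.0.0.1", port, local_hostname="client.example", timeout=5)
    s.helo()
    s.noop()
    s.quit()

def raw_client(port):
    """What a person at a telnet prompt does: open TCP, type lines."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s, s.makefile("rb") as f:
        f.readline()                          # 220 greeting
        for cmd in COMMANDS:
            s.sendall(cmd.encode("ascii") + b"\r\n")
            f.readline()                      # one reply per command

def observe():
    """Run both clients against the loopback server; return its per-connection view."""
    log = []
    for client in (library_client, raw_client):
        with socket.create_server(("127.0.0.1", 0)) as listener:
            t = threading.Thread(target=serve_once, args=(listener, log))
            t.start()
            client(listener.getsockname()[1])
            t.join()
    return log

if __name__ == "__main__":
    print(observe())
```

The two recorded sessions are byte-for-byte the same, so any restriction has to be applied by the SMTP protocol layer (authentication, relay rules) or by source address, not by "client type".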