----- Original Message ----- From: "e_plug" <[EMAIL PROTECTED]> To: "Philippine Linux Users Group Mailing List" <[EMAIL PROTECTED]> Sent: Tuesday, April 27, 2004 2:59 PM Subject: [plug] how to disable telnet on port 25
> hi guys, is there a way to disable the telnet on port 25 without affecting > the smtp server? yes... all you need is a good firewall or IDS can do packet per packet analysis... the difference between a smtp client and a telnet client connecting to a smtp server on port 25 is on the *fifth* packet... the first three packets are popularly known as the three-way handshake... client --> syn --> server client <-- syn/ack <-- server client --> ack --> server after that connection is established... the fourth packet will goes from the server.. the server will send its smtp message (eg. 220 smtp.plug.org.ph ESMTP Sendmail) to the client... now at the fifth packet, if it is a smtp client, it will send the first smtp protocol (eg. HELO <domain>) and if it is a telnet client, it will just simply ACK the fourth packet... with this you can already determined if it is a smtp client or a telnet client... fooler. -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
