*BSD News Article 9091


Return to BSD News archive

Received: by minnie.vk1xwt.ampr.org with NNTP
	id AA5152 ; Tue, 22 Dec 92 05:01:26 EST
Xref: sserve comp.protocols.tcp-ip:21122 comp.unix.bsd:9148
Path: sserve!manuel.anu.edu.au!munnari.oz.au!sgiblab!spool.mu.edu!uwm.edu!ogicse!flop.ENGR.ORST.EDU!gaia.ucs.orst.edu!gecko.oes.orst.edu!matt
From: matt@gecko.oes.orst.edu (Matt Curfman)
Newsgroups: comp.protocols.tcp-ip,comp.unix.bsd
Subject: Re: Limiting Telnet access.
Message-ID: <1gt45tINNprl@gaia.ucs.orst.edu>
Date: 18 Dec 92 18:10:05 GMT
Article-I.D.: gaia.1gt45tINNprl
References: <1992Dec17.230214.16501@vector.dallas.tx.us>
Organization: Oregon State University, Corvallis OR USA
Lines: 46
NNTP-Posting-Host: ra-box.wtfd.orst.edu

In article <1992Dec17.230214.16501@vector.dallas.tx.us> tbo@vector.dallas.tx.us (Terry Bohaning) writes:
>I've recently become very concerned about the security of many of 
>the Unix workstations under my care. Some of the users are overly
>free with their passwords and I would really like to limit access
>to the systems.
>
>Has anyone modified the telnet daemon to include to capability
>for an allow/deny file. What I'm thinking of is a way to prevent
>any machine not listed in an allow file or every machine except
>those listed in a deny file from telneting into our machines.
>
>I've gotten the BSD Net 2 sources and have started looking at them,
>but wondered if anyone else has already tried this yet.
>
>Your comments please......
>
>Terry Bohaning			tbo@vector.dallas.tx.us

I have installed on my 386bsd machine a package called wrapper.  From the
Readme:

                                --o--

This package provides a couple of tiny programs that monitor incoming
requests for IP services such as TFTP, EXEC, FTP, RSH, TELNET, RLOGIN,
FINGER, SYSTAT, and many others.
 
Optional features are: access control based on pattern matching; remote
username lookup using the RFC 931 protocol; protection against rsh and
rlogin attacks from hosts that pretend to have someone elses name.
<deleted>
        Wietse Venema (wietse@wzv.win.tue.nl),
        Department of Mathematics and Computing Science,
        Eindhoven University of Technology,
        The Netherlands.

                                --o--

I have placed a copy of wrapper.tar.Z on anonymous ftp at oes.orst.edu in
/pub/386bsd/wrapper.tar.Z.  There are many other sites for this software 
as well.

-mc
_____________________________________________________________________________
Matt Curfman                                    Almanac Information Archivist 
matt@gecko.oes.orst.edu                     Oregon State University Extension