[comp.unix.large] Watch dog

keijo@vttux1.vtt.fi (keijo tuominen) (09/21/90)

Does anyone know if a program is available somewhere that checks
where telnet/ftp/smtp connections are made from and checks if the
machine requesting the connection is allowed to enter that
particular host. So if it is not allowed to make a connection,
the target machine should close the connection and also make a log
entry for that connection attempt.

Other problem:
Is it possible that when we notice that the caller is a friendly machine
we don't ask for a login/password, but instead of a login we send some kind of
information like this:
 
---------------------------------------

Hello this is node 
Make your choice:
1. Telnet to host xxx.yyy.zzz
2. Ftp to host    rrr.ttt.ggg
3. Information

-----------------------------------

Or something else.

So if the user chooses number 1, the target machine makes a telnet connection
to that host.
--
 *        Tuominen Keijo              *           E-mail address:           *
 *        Vuorimiehentie 5            *        Keijo.Tuominen@vtt.fi        *
 *     SF-02150 Espoo, Finland        *              TELEFAX:       	    *
 * Phone: 90-4564295 Home: 90-538606  *            +358 0 460648  	    *	

ron@hphkae0.HP.COM (Ron Baillie) (09/25/90)

> / hphkae0:comp.unix.large / keijo@vttux1.vtt.fi (keijo tuominen) /  2:38 am  Sep 21, 1990 /
> 
> Does anyone know if a program is available somewhere that checks
> where telnet/ftp/smtp connections are made from and checks if the
> machine requesting the connection is allowed to enter that
> particular host. So if it is not allowed to make a connection,
> the target machine should close the connection and also make a log
> entry for that connection attempt.
> 
> Other problem:
> Is it possible that when we notice that the caller is a friendly machine
> we don't ask for a login/password, but instead of a login we send some kind of
> information like this:
>  
On the first question, if your system uses /etc/inetd for networking, you
should be able to use /usr/adm/inetd.sec to decide which hosts can use
which service on your machine. Also, /etc/inetd supports logging of all
connections to various services, refused or otherwise, in /usr/adm/inetd.log.

On the second question, I don't know of any way to configure telnet/ftp or
whatever to do what you want, but you may get somewhere with /etc/hosts.equiv.
Otherwise, you'll have to write your own network service daemon to replace
telnet/ftp/rlogin etc. This is not as difficult as it might seem, as there are
many good books and manuals on socket programming. I once wrote a daemon which
was similar to 'ftpd', and it was only about 200 lines of C.

Hope this helps.

Ron.

de5@de5.ctd.ornl.gov (Dave Sill) (09/25/90)

In article <1880001@hphkae0.HP.COM>, ron@hphkae0.HP.COM (Ron Baillie) writes:
>
>On the first question, if your system uses /etc/inetd for networking, you
>should be able to use /usr/adm/inetd.sec to decide which hosts can use
>which service on your machine. 

On which UNIX's?  The Ultrix and SunOS man pages say nothing about it.
But then they use /usr/etc/inetd.  Is inetd.sec a System V'ism?

-- 
Dave Sill (de5@ornl.gov)
Martin Marietta Energy Systems
Workstation Support