Firewall Wizards mailing list archives
Re: How to best protect IIS server
From: "H. Morrow Long" <long-morrow () cs yale edu>
Date: Thu, 10 Aug 2000 16:34:23 -0400
Ryan Russell wrote:
I don't believe that the PIX will do that, but it's possible to write a proxy/SPF/firewall thingy that can do that, at least for real Telnet clients. Telnet clients more-or-less send escape strings at the beginning of the setup, and occasionally later as well. You can get your firewall thingy to look for those.
Probably not. Telnet clients don't send escape strings in the beginning of telnet session - unless your operating system or applications sends your combination telnet client / "terminal emulator" an "escape" sequence string (e.g. a DEC VT 'Request Terminal Type ID' escape sequence string).

A telnet client will usually only attempt to do telnet client<->server negotiations (TELNET DO/DONT WILL/WONT options negotiations) with a telnet server. Normally most telnet clients will only attempt telnet protocol negotiation when connecting to servers listening on TCP port 23 (e.g. what is assumed to be a telnet server).

Otherwise the telnet client app is not identifiable as such, nor easily differentiated from a browser, mail client program, etc:

    session1(5)% nc -l -p 8001 -vv -o hexdump
    listening on [any] 8001 ...
    127.0.0.1: inverse host lookup failed: Unknown host : Socket operation on non-socket
    connect to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 38583
     sent 0, rcvd 0
    session1(6)% cat hexdump
    session1(7)%

    session2(2)% telnet localhost 8001
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    ^]
    telnet> quit
    Connection closed.
    session2(3)%

- H. Morrow Long
Yale University Information Security Officer
Yale Univ. ITS, InfoSec Office
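Added example, not part of the original message: a small Python classifier for the first bytes a client sends, showing what a filtering proxy would have to work with. The IAC command values are from RFC 854; the function names and the non-empty sample captures are constructed for illustration, and the empty capture mirrors the zero-byte nc hexdump in the message above.

```python
# Added illustration: classify the opening bytes of a client stream by
# looking for TELNET option negotiation (IAC WILL/WONT/DO/DONT, RFC 854).
IAC, SB, SE = 255, 250, 240
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def telnet_negotiations(data: bytes):
    """Return (verb, option) pairs for each IAC negotiation in data."""
    found, i, n = [], 0, len(data)
    while i < n:
        if data[i] != IAC:
            i += 1                      # ordinary data byte
            continue
        if i + 1 >= n:
            break                       # capture ends on a lone IAC
        cmd = data[i + 1]
        if cmd in VERBS:
            if i + 2 >= n:
                break                   # verb without its option byte
            found.append((VERBS[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:
            j = i + 2                   # skip subnegotiation up to IAC SE
            while j + 1 < n and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            if j + 1 >= n:
                break                   # unterminated subnegotiation
            i = j + 2
        else:
            i += 2                      # IAC IAC (literal 0xFF) or other command
    return found

def classify_opening(data: bytes) -> str:
    """'silent' = nothing sent; otherwise telnet negotiation seen or not."""
    if not data:
        return "silent"
    return "telnet-negotiation" if telnet_negotiations(data) else "unidentified"

# Constructed sample captures (option 24 = TERMINAL-TYPE, 31 = NAWS).
SAMPLES = {
    "telnet to port 8001, as in the post (0 bytes)": b"",
    "constructed port-23 style opening": bytes([255, 251, 24, 255, 251, 31]),
    "constructed HTTP request": b"GET / HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for label, capture in SAMPLES.items():
        print(f"{label}: {classify_opening(capture)}")
```

A client that stays silent until the user types, as in the nc capture, gives such a filter nothing to match on.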