https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614486#M755889 If you want to totally block telnet or ftp services, comment out the service in the inetd.conf. <BR /><BR />Then run inetd -c<BR /><BR />Good Luck,<BR />C Thu, 15 Nov 2001 14:47:20 GMT Craig Rants 2001-11-15T14:47:20Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614483#M755886 Hi everyone,<BR /><BR />I thought inetd.sec was only used to restrict access from remote systems to the local system's services. The man page doesn't indicate otherwise.<BR /><BR />Has anyone actually used inetd.sec to disable connections being initiated from the local system?<BR /><BR />I see how you could deny something like ftp from the local server to itself but that's still blocking it from the server side.<BR /><BR />Thanks,<BR />Darrell Thu, 15 Nov 2001 14:38:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614483#M755886 Darrell Allen 2001-11-15T14:38:59Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614484#M755887 inetd.sec is for incoming not outgoing requests!<BR /><BR />To stop people from using something like ftp or telnet to another machine, simply change the permissions or "group it".<BR /><BR />live free or die<BR />harry Thu, 15 Nov 2001 14:42:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614484#M755887 harry d brown jr 2001-11-15T14:42:47Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614485#M755888 Hi,<BR /><BR />This file is to stop telnet ,ftp,rlogin etc from the other boxes. You can configure it to disable incomming requests.<BR /><BR />-USA.. Thu, 15 Nov 2001 14:44:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614485#M755888 Uday_S_Ankolekar 2001-11-15T14:44:47Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614486#M755889 If you want to totally block telnet or ftp services, comment out the service in the inetd.conf. <BR /><BR />Then run inetd -c<BR /><BR />Good Luck,<BR />C Thu, 15 Nov 2001 14:47:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614486#M755889 Craig Rants 2001-11-15T14:47:20Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614487#M755890 &lt;<ITHOUGHT inetd.sec="" was="" only="" used="" to="" restrict="" access="" from="" remote="" systems="" to="" the="" local="" system="">&gt;<BR /><BR /> You are right. inetd.sec blocks incoming connections from external systems.<BR /> <BR />&lt;<HAS anyone="" actually="" used="" inetd.sec="" to="" disable="" connections="" being="" initiated="" from="" the="" local="" system="">&gt;<BR /><BR />oh yes, i just tried it ;-)<BR />just add the line<BR />telnet deny <SYSTEMNAME><BR />It works. But it holds no meaning. Since, why would i need to stop telnetting into a system from that system iteslf?<BR /><BR /><I see="" how="" you="" could="" deny="" something="" like="" ftp="" from="" the="" local="" server="" to="" itself="" but="" that=""><BR /><BR />when you do telnet , ftp ..<BR />it tries to open a port of that service at the remote server. At the remote server, the inetd daemon services the request. Before the request is serviced, it checks whether it is authorised connection by looking the inetd.sec file.<BR />If from systemA you do telnet to systemA , the local system will also be the remote server! <BR /><BR />HTH<BR />raj<BR /><BR /></I></SYSTEMNAME></HAS></ITHOUGHT> Thu, 15 Nov 2001 15:00:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614487#M755890 Roger Baptiste 2001-11-15T15:00:10Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614488#M755891 Definitely only incoming.... from the man page:<BR /><BR />"When inetd accepts a connection from a remote system..."<BR /><BR />Other unix flavours need to use tcpwrappers to do the same thing, but HP is sooo good to us we don't need it ;-)<BR /><BR />For outgoing (as noted in another thread in the forum), it's removal of access priveleges (chmod 500) that limit outgoing on a box, or firewalls if limiting at a network level.<BR /><BR />Cheers,<BR />James Thu, 15 Nov 2001 15:04:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614488#M755891 James Beamish-White 2001-11-15T15:04:27Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614489#M755892 Thanks everyone.<BR /><BR />So far I've heard nothing different from what I thought: inted.sec is only for incoming connections (server side, that is).<BR /><BR />Raj, in reference to disabling connections initiated from the local system, would you expand on what you mean when you say it works but it holds no meaning? I poorly worded the question before. To be specific, can inetd.sec be used to deny a user on the same box from initiating a connection as a client to another host? I think you're saying no which is what I believe to be true as well.<BR /><BR />Darrell Thu, 15 Nov 2001 15:20:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614489#M755892 Darrell Allen 2001-11-15T15:20:53Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614490#M755893 Hi Darrell,<BR /><BR />As other have already said, inetd.sec is to restrict/prevent access to your system, not from your system.<BR /><BR />Hope this helps.<BR /><BR />Regds<BR /> Thu, 15 Nov 2001 15:32:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614490#M755893 Sanjay_6 2001-11-15T15:32:59Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614491#M755894 Thanks for confirming my understanding of this issue.<BR /><BR />Darrell Thu, 15 Nov 2001 16:21:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-sec/m-p/2614491#M755894 Darrell Allen 2001-11-15T16:21:47Z