Databases
cancel
Showing results for 
Search instead for 
Did you mean: 

How do i change the telnet response to not reveal op system.

SOLVED
Go to solution
Jonathan Corbeill
Occasional Advisor

How do i change the telnet response to not reveal op system.

I have a system that is accessible from the internet. I was told that I should conceal its operating system so hackers could not use the os weaknesses to hack into the system. Currently when the system responds to a telnet response it gives the os and other infomation. How can I change the information provided to the user when responding to a telnet request?
4 REPLIES
Vincenzo Restuccia
Honored Contributor

Re: How do i change the telnet response to not reveal op system.

Edit /var/adm/inetd.sec
telnet allow 10.10.19.1 10.10.19.19 10.10.19.80 10.10.19.101
after
#inetd -c
only this ip can access your host.
Patrick Wallek
Honored Contributor

Re: How do i change the telnet response to not reveal op system.

Do you have to have telnet capability into the box from the Internet? If not I would just disable telnet altogether. You could do this a couple of ways. 1) Comment the telnet services out of /etc/inetd.conf and /etc/services or 2) Look at the file /var/adm/inetd.sec This file allows you allow or disallow services based on IP address. If you have to have telnet enabled, put an entry in /var/adm/inetd.sec so that only the IP addresses that have to get in are allowed. Here is a sample inetd.sec entry:

telnet allow 172.30.*

After you modify the inetd.sec file you should do an 'inetd -c' so that the inet daemon will reread all its configuration files.

A. Clay Stephenson
Acclaimed Contributor
Solution

Re: How do i change the telnet response to not reveal op system.

Ho Jonathan,

vi /etc/inetd.conf and locate the telnet entry.
At the end of the line add -b /dev/null.
-b specifies the banner file. Finally do an inetd -c to force a reread of /etc/inetd.conf and you're done.

Regards, Clay
If it ain't broke, I can fix that.
Joseph T. Wyckoff
Honored Contributor

Re: How do i change the telnet response to not reveal op system.

Are you concerned that telnet tells the hackers that your box is UX?

Using a port scanner they can figure this out without telnet - so 'fixing' telnet not to tell them you have UX 11 (or whatever) is largely wasted energy - unless you are doing a fairly comprehensive review of your security, and fixing other holes...

Omniback and NT problems? double check name resolution, DNS/HOSTS...