David_492
Advisor

Ping, Telnet

Dear all,

Could anybody tell me how I can prevent anybody outside from pinging or telnetting to my servers, without using SSH?

My servers are HPUX-rp8400.
Thierry Poels_1
Honored Contributor

Re: Ping, Telnet

Hi,

The most secure way is to block this on the firewall.

You can have a look at /var/adm/inetd.sec to block addresses/address ranges, but if somebody can log on to another server on your LAN, he might be able to ping/telnet from that server.

Good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
blal
Frequent Advisor

Re: Ping, Telnet

Hi,

You can do it in the inetd security file:

/var/adm/inetd.sec

After doing the modification, run inetd -c to force the inetd daemon to read the config file.
Live and let live.
Sanjay_6
Honored Contributor

Re: Ping, Telnet

Hi,

To disable telnet, edit the /etc/inetd.conf file and comment out (with "#") the line starting with telnet.

telnet stream tcp nowait root /usr/lbin/telnetd telnetd

And then run inetd -c to force inetd to reread its configuration.

You cannot disable ping to your system. Also, disabling telnet could be a risky move. So be careful before you do something like that.

Hope this helps.

Regds
Steven E. Protter
Exalted Contributor

Re: Ping, Telnet

The ping part might require ipfilter.
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA

The telnet part, as noted, can be done by disabling telnet or by the inetd.sec change noted above.

If I'm wrong about the ping part, I'd like to see an inetd.sec example that shows how to disable ping (if this were my question, that would be the prerequisite for earning a bunny).

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ron Kinner
Honored Contributor

Re: Ping, Telnet

You can partly turn off pings with:

ndd -set /dev/ip ip_respond_to_echo_broadcast 0

This will keep it from responding to broadcasts (a.b.c.255) but it will still want to respond to a direct request.


http://www.cromwell-intl.com/security/security-stack-hardening.html

also recommends:

ndd -set /dev/ip ip_forward_directed_broadcasts 0

ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0

ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0


Ron
David_492
Advisor

Re: Ping, Telnet

I tried to use the command

ndd -set/dev/ip ip_respond_to_echo_broadcast 0

and I used other commands, but I always got module ' ndd.......' invalid argument. Does anybody have an idea how to disable ping?
Ron Kinner
Honored Contributor

Re: Ping, Telnet

Not sure why it doesn't show but there is a space between -set and /dev... on all of the commands.

Ron
Brian Lee_4
Regular Advisor

Re: Ping, Telnet

You cannot set up blocking of "ping" on a server, but you can do it in the firewall.
However, you can set which IP addresses can or cannot telnet in to the server in the /var/adm/inetd.sec file.
After you finish configuring the file, run "inetd -c" to refresh the network settings.

brian lee
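
An added example, not part of any post in this thread and not HP code: a small Python checker for the /var/adm/inetd.sec allow/deny entries the replies refer to, showing which client addresses a telnet entry would admit before the file is put in place. It assumes the HP-UX address syntax of per-field * wildcards and a-b ranges, that a later line for a service replaces an earlier one, and that host or network names are not resolved; the sample file and all addresses are constructed.

```python
# Constructed sample of /var/adm/inetd.sec (addresses are made up).
SAMPLE = """\
# service  allow|deny  hosts/networks
login   deny   192.168.7.*
telnet  allow  10.3-5.*.* 192.168.1.20
"""

def parse(text):
    """Return {service: (action, [patterns])}.
    Assumption: a later line for the same service replaces an earlier one."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) >= 2 and fields[1] in ("allow", "deny"):
            rules[fields[0]] = (fields[1], fields[2:])
    return rules

def field_matches(pat, octet):
    """Match one address field: '*', a range 'lo-hi', or a plain number."""
    if pat == "*":
        return True
    if "-" in pat:
        lo, hi = pat.split("-", 1)
        return lo.isdigit() and hi.isdigit() and int(lo) <= octet <= int(hi)
    return pat.isdigit() and int(pat) == octet

def addr_matches(pattern, ip):
    """True if a dotted-quad ip matches a four-field pattern.
    Names are not resolved here, so a hostname pattern never matches."""
    pats, octets = pattern.split("."), ip.split(".")
    if len(pats) != 4 or len(octets) != 4:
        return False
    return all(field_matches(p, int(o)) for p, o in zip(pats, octets))

def permitted(rules, service, ip):
    """Would this file let `ip` reach `service`?"""
    if service not in rules:
        return True                  # no entry: the file places no restriction
    action, patterns = rules[service]
    hit = any(addr_matches(p, ip) for p in patterns)
    return hit if action == "allow" else not hit

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for ip in ("10.4.9.1", "10.6.0.1", "192.168.1.20", "203.0.113.5"):
        print(ip, "telnet", "allowed" if permitted(rules, "telnet", ip) else "refused")
```

inetd.sec only governs services that inetd starts, so no entry in it affects ICMP echo (ping).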