Thanks to the following who helped out!!!:
Dr. Thomas Blinn
Arrigo Triulzi
The original question:
-------------------------------------------------------------------------
> We do not have banners, and our (post-login) motd doesn't have the
> flavour name. However, if they telnet to the machine they get:
> Digital UNIX ({machine}.scs.unr.edu) (ttyvd)
> without having to log in. Is this worth changing? How would one go
> about doing it? (we have a source license, btw).
The responses:
-------------------------------------------------------------------------
I don't know whether the telnet RFC requires that the system name be
present.
In any case, it's hardwired in the telnetd sources. We don't claim that
you can rebuild any of the layered software from what's in the source kit,
but I suspect you can probably figure out how to build telnetd, and if you
manage to build it, changing that text string would probably be trivial.
In fact, if you have a good binary file editor, you could easily change it
in the strings pool in the application (it's output by a trivial routine,
you can look in the telnetd sources to see how it's implemented).
(the next one is a follow up to the previous one):
-------------------------------------------------------------------------
I have heard rumors that Emacs can be used to edit a binary file; you'd need
to put in a replacement string that was EXACTLY the same length as what is in
the program to start with, of course.. :^)
-------------------------------------------------------------------------
Well, there are diverging opinions on it. The best idea is to block
telnet outright and force ssh if you can. This is not always practical
in an educational environment. What I suggest is that you either edit
/etc/gettydefs. This is not for the faint of heart.
A trivial fix, which is what I suggested, was to use /etc/issue and/or
TCP/Wrappers banners to fake an OS (and therefore have two separate
banners). The reason is that these scans are at the moment rather
trivial. There are of course more in-depth scans which do not involve
something as open as a telnet connection (for this I recommend a
thorough reading of
http://geek-girl.com/bugtraq). The idea is to stop
these simpletons before they try something else, or at least confuse
them.
-------------------------------------------------------------------------
thanks and
cheers,
_____________________________________________________________________________
Ian Veach, Systems Software Analyst, UCCSN Systems Computing Services
ivo_at_nevada.edu, VOICE: (775) 784.6486, FAX: (775) 784.1108
_____________________________________________________________________________
Received on Wed Jan 20 1999 - 16:38:36 NZDT
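
The exact-length constraint from the binary-edit suggestion above, as an added example that is not part of the original post or of the telnetd sources. SAMPLE_IMAGE, its banner format and the helper names patch_string and patch_file are constructed for illustration; the real layout of the telnetd string pool is not shown on this page.

```python
# Added example: overwrite a banner string in a binary image without
# shifting any other byte. SAMPLE_IMAGE is a constructed stand-in, not
# bytes taken from a real telnetd.
SAMPLE_IMAGE = (
    b"\x7fBIN\x00\x01login\x00"
    b"\r\n\r\nDigital UNIX (%s) (%s)\r\n\r\n\x00"
    b"/bin/login\x00"
)


def patch_string(image: bytes, old: bytes, new: bytes, pad: bytes = b" ") -> bytes:
    """Return a copy of image with old overwritten by new, padded to len(old)."""
    if len(pad) != 1:
        raise ValueError("pad must be exactly one byte")
    if len(new) > len(old):
        # A longer string would overwrite whatever follows it in the pool.
        raise ValueError("replacement is longer than the original string")
    hits = image.count(old)
    if hits != 1:
        # Zero hits: wrong binary or already patched. Several: ambiguous.
        raise ValueError("expected exactly one occurrence, found %d" % hits)
    offset = image.index(old)
    padded = new + pad * (len(old) - len(new))
    patched = image[:offset] + padded + image[offset + len(old):]
    # Everything outside the patched window must be byte-identical.
    if len(patched) != len(image):
        raise RuntimeError("image length changed")
    if patched[:offset] != image[:offset]:
        raise RuntimeError("bytes before the string changed")
    if patched[offset + len(old):] != image[offset + len(old):]:
        raise RuntimeError("bytes after the string changed")
    return patched


def patch_file(src: str, dst: str, old: bytes, new: bytes) -> int:
    """Patch src into a new file dst (src is left untouched); return its size."""
    with open(src, "rb") as fh:
        image = fh.read()
    patched = patch_string(image, old, new)
    with open(dst, "wb") as fh:
        fh.write(patched)
    return len(patched)


if __name__ == "__main__":
    out = patch_string(SAMPLE_IMAGE, b"Digital UNIX", b"Login")
    print(repr(out))
```

Padding with spaces keeps any format specifiers after the replaced text in place; writing to a separate output file leaves the original binary available for rollback.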