
Re: opening a chat port



On 27 Jul 2004, jmm wrote:
> I do not want to try this until I get some advice :)
> I don't have telnetd and of course, this is so for obvious reasons. 
> However, I am thinking if installing something like a chat server which
> defaults to port 7000 would be a big security breach (and telnetd is not
> needed for this, only telnet or telnet-ssl).
>
> The chat server (Amnuts221-patched) will be reached by telnetting to port
> 7000.

It sounds like you are conflating the idea that telnet is an insecure
protocol with the fact that a server asks you to use telnet to connect
to it.

The security risk from telnet comes from the fact that it asks for login
information on the server, and that login information is transmitted in
the clear, allowing anyone who can view your packets to obtain those
credentials.

Using the telnet client to connect to a "chat server" is no less secure
than allowing any other sort of TCP connection -- it depends on the
client and server. :)

> If I allow the firewall to open this port (so far the only open
> ports on this machine are 25, 443 and 80) will this be considered a
> security risk?  

I would, because I know nothing about the chat server in question.

You need to work out how secure that server is, and then decide if you
are happy with the security risk it implies.

> Other than having the chat server closed and leaving that port open
> without the service...Is there a more secure alternative?

Well, you could look at using SSH or telnet with SSL to access the chat
server, but that only helps if you are concerned about an attack where
people steal a login to the chat server...

       Daniel

-- 
The process we're witnessing now is in fact the capitalist society
trying to squeeze out of each person, like blood from a stone,
whatever commercial value that person may have.
        --Marc Rotenberg
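
Since the reply puts the risk in the listening service rather than in the telnet client, one way to see what opening port 7000 would actually expose is to compare the firewall's open ports with what is listening behind them. This is an added example, not part of the original message; it assumes a Linux host where `ss -tlnH` (iproute2) is available, uses a constructed sample of that output, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 5 0.0.0.0:7000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

def parse_listeners(text):
    """Yield (address, port) for each LISTEN line of `ss -tlnH` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop interface suffix, IPv6 brackets
        if host == "*":
            host = "::"  # some ss versions print "*" for the wildcard address
        yield ipaddress.ip_address(host), int(port)

def exposed_ports(text):
    """Ports with a listener bound to a non-loopback address."""
    return {port for addr, port in parse_listeners(text) if not addr.is_loopback}

def audit(text, firewall_open):
    """Compare listeners with the ports the firewall lets through.

    reachable: firewall-open ports with a service behind them; each of these
               services has to be trusted on its own merits.
    idle:      firewall-open ports with nothing listening (connections are
               refused until some process binds the port).
    """
    exposed = exposed_ports(text)
    return {
        "reachable": sorted(exposed & firewall_open),
        "idle": sorted(firewall_open - exposed),
    }

if __name__ == "__main__":
    # 25, 80 and 443 are the ports named in the question; 7000 is the proposed one.
    print(audit(SAMPLE, {25, 80, 443, 7000}))
```

On a live host, feed the function the output of `ss -tlnH` instead of the sample.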


