Two experiments of xinetd

Source: Internet
Author: User
Tags connection reset

Reference article: http://blog.sina.com.cn/s/blog_88cdde9f01019fg5.html

XINETD Practice One: Use XINETD to set sensor traps to isolate malicious access


1. Check if you have these packages
[Email protected] ~]# Rpm-qa|grep rsh-server
rsh-server-0.17-60.el6.i686
[Email protected] ~]# Rpm-qa|grep rsh
rsh-server-0.17-60.el6.i686
rsh-0.17-60.el6.i686
[Email protected] ~]# Rpm-qa|grep telnet-server
telnet-server-0.17-46.el6.i686
[[email protected] ~]# Rpm-qa|grep telnet
telnet-0.17-46.el6.i686
telnet-server-0.17-46.el6.i686


2. Let them start
[Email protected] ~]# chkconfig rlogin on
[Email protected] ~]# chkconfig rsh on
[[email protected] ~]# chkconfig telnet on


3. Modify the configuration file
Service Login
{
Disable = no
Socket_type = Stream
wait = no
user = root
Log_on_success + = USERID
Log_on_failure + = USERID
Server =/usr/sbin/in.rlogind
Flags = SENSOR
Deny_time = Forever
}
The previous Telnet does not work, you can go to shut down the firewall (this thing is very abusive people ah, many times because it made the desperate, so this time it is my wit, shut it)
[[Email protected] desktop]# Telnet 192.168.70.150
Trying 192.168.70.150 ...
Connected to 192.168.70.150 (192.168.70.150).
Escape character is ' ^] '.
Red Hat Enterprise Linux Server Release 6.0 (Santiago)
Kernel 2.6.32-71.el6.i686 on an i686
Login:qys
Password:
Last Login:sat Dec 00:35:55 from 192.168.70.1


4. Restart effective

[Email protected] ~]#/etc/init.d/xinetd restart
stopping xinetd: [OK]
Starting xinetd: [OK]


5. Client-side testing
[Email protected] desktop]# rlogin 192.168.70.150
Connect to address 192.168.70.150 Port 543:connection refused
Trying normal rlogin (/usr/bin/rlogin)
Rcmd:192.168.70.150:connection Reset by peer


6. Explanation
The reason is that the xinetd service is actually listening on the Rlogin-server port, and because of the flags=sensor tag, sensor logs the client IP and adds it to the global no-access list. So malicious access doesn't have access to xinetd managed services.

Experiment two: Build custom xinetd Hosting Services


Premise: Turn off the firewall

1. Customize a service (don't forget to compile):
[Email protected] desktop]# CAT/TMP/HELLO.C
#include <stdio.h>
int main () {
printf ("hello,buddy!\n");
return 0;
}


2. Add a new file in Xinetd.d, called Hello_server
[Email protected] desktop]# Cat/etc/xinetd.d/hello_server
#cp Telnet Hello
#vim Hello


Service Hello_server
{
Disable = no
Flags = Reuse
Socket_type = Stream
wait = no
user = root
Server =/tmp/hello
Log_on_failure+=userid
Port = 9015
}


3. Add the new service to/etc/services
[Email protected] desktop]# cat/etc/services |grep 9015
Hello_server 9015/tcp


4. Restart the XINETD service
5. Check whether 9015 is turned on
[Email protected] desktop]# Netstat-tnlp|grep 9015
TCP 0 0::: 9015:::* LISTEN 2254/xinetd
6. Test:
[[Email protected] desktop]# telnet 192.168.70.150 9015
Trying 192.168.70.150 ...
Connected to 192.168.70.150 (192.168.70.150).
Escape character is ' ^] '.
hello,buddy!
Connection closed by foreign host.

Two experiments of xinetd

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.