About Telnet – FTP – TFTP

Telnet is a protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Telnet was developed in 1969 beginning with RFC  extended in RFC , and standardized as Internet Engineering Task Force (IETF) Internet Standard STD , one of the first Internet standards. The name stands for “teletype network”.

Historically, Telnet provided access to a command-line interface (usually, of an operating system) on a remote host, including most network equipment and operating systems with a configuration utility (including systems based on Windows NT). However, because of serious security concerns when using Telnet over an open network such as the Internet, its use for this purpose has waned significantly in favor of SSH.

The term telnet is also used to refer to the software that implements the client part of the protocol. Telnet client applications are available for virtually all computer platforms. Telnet is also used as a verb: to telnet means to establish a connection using the Telnet protocol, either with a command-line client or with a programmatic interface. For example, a common directive might be: “To change your password, telnet into the server, log in and run the passwd command.” Most often, a user will be telnetting to a Unix-like server system or a network device (such as a router) and obtaining a login prompt to a command-line text interface or a character-based full-screen manager.

The /etc/ftpd/ftpusers file lists the names of users who are prohibited from connecting to the system through the FTP protocol.

The FTP server daemon in.ftpd reads the /etc/ftpd/ftpusers file when an FTP session is invoked. If the login name of the user matches one of the listed entries, it rejects the login session and sends the "Login failed" error message.
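
Because ftpusers is a deny list, any account left out of it can still log in over FTP. The script below is an added example (not part of the original notes) that reports system accounts missing from the list. The UID cutoff of 99, the '#' comment handling and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list accounts that in.ftpd would still let in over FTP
# because they are missing from the ftpusers deny list.

# ftp_denied LOGIN FTPUSERS_FILE
# Returns 0 when LOGIN is listed, i.e. in.ftpd would reject the login.
# Assumption: '#' starts a comment and one login name is listed per line.
ftp_denied() {
    awk -v u="$1" '
        { sub(/#.*/, "") }          # drop comments
        $1 == u { found = 1 }       # whole-name match, never a substring
        END { exit found ? 0 : 1 }' "$2"
}

# unlisted_system_accounts PASSWD_FILE FTPUSERS_FILE [MAX_UID]
# Prints every login with UID <= MAX_UID that is not denied.
# MAX_UID defaults to 99 (assumed upper bound for system accounts).
unlisted_system_accounts() {
    awk -F: -v max="${3:-99}" '$3 ~ /^[0-9]+$/ && $3 + 0 <= max + 0 { print $1 }' "$1" |
    while read -r login; do
        ftp_denied "$login" "$2" || printf '%s\n' "$login"
    done
}

# Constructed sample files (not taken from a real host).
audit_dir=$(mktemp -d)
cat > "$audit_dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
bhagat:x:1001:10::/export/home/bhagat:/bin/bash
EOF
cat > "$audit_dir/ftpusers" <<'EOF'
# constructed deny list
root
daemon
#bin
EOF

# Prints "bin" and "lp": both are system accounts that could still log in.
unlisted_system_accounts "$audit_dir/passwd" "$audit_dir/ftpusers"
```

On a real host, pass /etc/passwd and /etc/ftpd/ftpusers as the two arguments.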

# svcadm enable ftp      (enable the FTP service)
# svcadm disable ftp     (disable the FTP service)

Telnet service enable & disable procedure in Solaris 10

# inetadm -d telnet      (disable)
# inetadm -e telnet      (enable)

# inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1

# vi /etc/ftpd/ftpusers  (list the users to be denied FTP access, on the server machine)

Telnet & ftp service enable & disable procedure in Solaris 8 & 9

1) Go to /etc/inet
# cd /etc/inet/
2) Copy the inetd.conf
# cp -p inetd.conf inetd.conf.20082010
# vi inetd.conf
"inetd.conf" 194 lines, 7454 characters
##
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
#
#

# pkill -HUP inetd
# telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SunOS 5.8

WARNING: Access to this computer system is limited to authorised
users only.
Unauthorised users may be subject to prosecution under
the Crimes Act or State legislation.
All customer details are confidential and must
not be disclosed.

login:
telnet> q
Connection closed.

If inetd is not running, start the service with:

# /usr/sbin/inetd -s
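
The Solaris 8 & 9 procedure above comes down to commenting out (or uncommenting) the ftp and telnet entries in inetd.conf. The script below is an added example, not part of the original notes, that does the same edit on a scratch copy and checks the result. The function names and the tftp line in the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example: check which cleartext services inetd would start, and
# disable them in inetd.conf the same way the manual edit does.

# active_services CONF SERVICE...
# Prints each SERVICE that has an uncommented entry in CONF.
active_services() {
    conf=$1; shift
    for svc in "$@"; do
        # inetd only acts on lines whose first field is the service name;
        # "#telnet ..." has first field "#telnet" and is ignored.
        awk -v s="$svc" '$1 == s { hit = 1 } END { exit hit ? 0 : 1 }' "$conf" &&
            printf '%s\n' "$svc"
    done
    return 0
}

# comment_out CONF SERVICE...
# Writes CONF to stdout with the entries for those services commented out.
comment_out() {
    conf=$1; shift
    awk -v list="$*" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        ($1 in off) { print "#" $0; next }
        { print }' "$conf"
}

# Constructed sample: the two entries shown above plus a disabled tftp line.
work=$(mktemp -d)
cat > "$work/inetd.conf" <<'EOF'
##
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
#tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
#
EOF

cp -p "$work/inetd.conf" "$work/inetd.conf.bak"          # keep a backup first
active_services "$work/inetd.conf.bak" telnet ftp tftp   # before: telnet, ftp
comment_out "$work/inetd.conf.bak" telnet ftp > "$work/inetd.conf"
active_services "$work/inetd.conf" telnet ftp tftp       # after: nothing
```

On the real host the edited file only takes effect after the pkill -HUP inetd step shown above.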

FTP IMPLEMENTATION:
wu-ftpd => Washington University ftpd daemon
ftpd binds to TCP port 21 and is running by default.
SMF controls FTP service configuration.

# svcs -a | grep ftp       Displays the status of the ftp service.
# pkginfo -l | grep ftp    Displays the detailed information about the ftp service.
# pkginfo -x | grep ftp    Displays package information.

a. ftpcount, ftpwho – display the connected users & process information
b. ftpconfig – utility used to set up anonymous/guest ftp
c. SUNWftpr – includes the following files under /etc/ftpd/:
   ftpaccess – primary configuration file for wu-ftpd
   ftphosts – allow/deny access to users from hosts
   ftpservers – allows root to define virtual hosts
   ftpusers – users listed are NOT permitted (denied) to access the server via ftp
   ftpconversions – facilitates tar, compress, gzip support

Note: By default, the root user is denied the use of ftp.
The wu-ftpd daemon supports 2 types of ftp connections:
1. PORT – Active ftp
a. Client > TCP:21 [Server Control Connection]
b. Client executes ‘ls’ > results in the server initiating a connection back to the client, usually from TCP:20 [ftp-data]

2. PASV – Passive ftp
a. Client > TCP:21 [Server Control Connection]
b. Client executes ‘ls’ > results in the server opening a high port and instructing the client to source (initiate) a connection to the server.
c. Client sources the data connection to the high port on the server.
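
In both modes the address and port for the data connection are announced on the control connection, which is what a firewall has to follow to permit it. The script below is an added example, not part of the original notes, that decodes that announcement for each mode. It goes slightly beyond the text by showing the h1,h2,h3,h4,p1,p2 encoding, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: decode the data-connection endpoint that FTP announces on
# the control connection, for active (PORT) and passive (227 reply) mode.

# decode_endpoint "h1,h2,h3,h4,p1,p2"  ->  "h1.h2.h3.h4:PORT"
# The TCP port is sent as two bytes: PORT = p1 * 256 + p2.
decode_endpoint() {
    set -f; old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs; set +f
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # each field must be a plain decimal byte (no sign, no leading zero)
        case $n in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s:%d\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# data_connection CONTROL_LINE
# Says which side opens the data connection and to which address and port.
data_connection() {
    line=$(printf '%s' "$1" | tr -d '\r')    # control lines end in CRLF
    case $line in
        "PORT "*)   # active: the client is listening, the server connects back
            ep=$(decode_endpoint "${line#PORT }") || return 1
            printf 'active: server connects to client %s\n' "$ep" ;;
        "227 "*)    # passive: the server is listening, the client connects
            args=${line#*\(}; args=${args%%\)*}
            ep=$(decode_endpoint "$args") || return 1
            printf 'passive: client connects to server %s\n' "$ep" ;;
        *) return 1 ;;
    esac
}

# Constructed control-connection lines using this page's client and server IPs.
data_connection 'PORT 192,168,0,157,4,1'
data_connection '227 Entering Passive Mode (192,168,0,100,195,80)'
```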

# ftpcount     Shows the current number of users in each ftp server class
  -v   Displays the user counts for ftp server classes defined in virtual host [ftpaccess]
  -V   Displays program copyright and version information, then terminates

# ftpcount
Service class    Users    Limit
realusers        1        (no maximum)
guestusers       0        (no maximum)
anonusers        0        (no maximum)

# ftpwho     Shows current process information for each ftp server user
It will display which user is logged in, along with the process id.
The status of the user will be displayed.
It will also display the password given by the anonymous user.

OUTPUT:
# ftpwho
Service class realusers:
bhagat 1157 0.0 0.2 4852 2628 ? S 12:48:03 0:00 ftpd: 192.168.0.157: bhagat: IDLE
1 users (no maximum)
Service class guestusers:
0 users (no maximum)
Service class anonusers:
0 users (no maximum)

Here, a real user named bhagat is logged in through ftp.
Note: The login time for ftp (timeout, in seconds) is defined in the file /etc/ftpd/ftpaccess.

Anonymous ftp configuration:
# ftpconfig     Sets up anonymous ftp
Note:
If the /var/ftp directory doesn't exist, the above command will create and update the directory for anonymous ftp.
The anonymous login can also be checked over ftp with a GUI web browser.
# mkdir /var/ftp
# ftpconfig -d /var/ftp
# ftpconfig /var/ftp
# cd /var/ftp
# ls -l

or
# ftpconfig /var/pub
In the location bar of the web browser:
ftp://192.168.0.100
1. Will by default show the anonymous user

ftpd – class support:
Facilitates the grouping of users for the purpose of assigning directives.
3 default classes:
1. Real users:
a. Can log in using a shell [ssh/telnet]
b. Can browse the entire directory

2. Guest users:
a. Are temporary users
3. Anonymous user:
a. General public, for download capability
All 3 default classes are defined in the file /etc/ftpd/ftpaccess.
Restart the ftp service:
# svcadm restart ftp
Note: Guest users are similar to real users, except that guest users are jailed/chrooted.

Denying Anonymous User account:
FTP SERVER FIRE2 192.168.0.100
# mkdir /ftp_anonymous
bash-3.00# ftpconfig -d /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# ls /ftp_anonymous/
bin dev etc lib pub usr
bash-3.00# ftpconfig /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# svcs -a | grep ftp
disabled 14:40:42 svc:/network/ftp:default
bash-3.00# svcadm enable ftp
bash-3.00# svcs -a | grep ftp
online 15:24:31 svc:/network/ftp:default
bash-3.00# ftpwho
Service class realusers:
0 users (no maximum)
Service class guestusers:
0 users (no maximum)
Service class anonusers:
ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1: anonymous/anonymous”gmail.com: IDLE
1 users (no maximum)

Difference between TFTP & FTP
Trivial File Transfer Protocol (TFTP) and File Transfer Protocol (FTP): what is the major security difference between those two protocols?
FTP is a complete, session-oriented, general purpose file transfer protocol. TFTP is used as a bare-bones special purpose file transfer protocol.
FTP can be used interactively. TFTP allows only unidirectional transfer of files.
FTP depends on TCP, is connection oriented, and provides reliable control. TFTP depends on UDP, requires less overhead, and provides virtually no control.
FTP provides user authentication. TFTP does not.
FTP uses well-known TCP port numbers: 20 for data and 21 for connection dialog. TFTP uses UDP port number 69 for its file transfer activity.