Curious action

Network Admin netadmin at barton.ca
Wed Aug 11 11:36:52 PDT 2004


Xinetd version: xinetd-2.1.8.9pre14-5mdk

Recently I was demonstrating how easy it was to disable a service using xinetd.  The service I picked was telnet.  I added "disabled = yes" to the telnet definition in the xinetd.d directory and then restarted xinetd so the changes took effect.

The next time I tried to connect the server gave me the "refused connection" message as expected.  However, shortly after the first attempt, I tried it again and presto up came the login prompt.  I did a netstat on the server and there was port 23 listed as open.

I once again restarted xinetd and immediately checked for port 23 but it was nowhere to be seen.  I then tried connecting three times in a row and each time I got the "refused connection" message. "Ah-hah", I thought, "that fixed it!"  However, after waiting for a few minutes, I once more tried to connect and up came the login prompt again.

Very curious!

My next move was to completely remove the definition from the xinetd.d directory.  This time the telnet service stayed dead.

I waited 1/2 hour and tried again and the telnet session was still dead.

I moved the telnet definition file back into the xinetd.d directory, restarted xinetd and tried again.  Still dead.

Waited 5 minutes and tried again and presto, like magic it was back again.  "Talk about reliability!!!!"

My solution is to just remove the definition for the time being.  Possibly upgrading to the latest version of xinetd will resolve this glitch.  If not, at least someone will know about it and possibly correct it in a later version.

My telnet definition file looks like this:

service telnet
{
        flags = REUSE
        log_on_failure += USERID
        socket_type = stream
        user = root
        server = /usr/sbin/in.telnetd
        wait = no
        only_from = 10.25.0.0/16
        disable = Yes
}


Ken Smith
Network Engineer
Barton Insurance Brokers Ltd
TEL:(604)703-7056
FAX (604)703-7099
ksmith at barton.ca

"FAILURE is not an option ... it's built in to all MicroSoft products!"
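
Added example, not part of the original post: a Python check that parses an xinetd.d definition like the one above to confirm the per-service "disable" attribute is set, then probes the port repeatedly, because the post reports the listener coming back minutes after an immediate check passed. SAMPLE is constructed from the posted file; the function names and the check count and interval are this example's own assumptions.

```python
import re
import socket
import time
# Constructed sample based on the definition posted above.
SAMPLE = """service telnet
{
        server = /usr/sbin/in.telnetd
        only_from = 10.25.0.0/16
        disable = Yes
}
"""
BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^\s*(\w+)\s*(?:\+=|-=|=)\s*(.*?)\s*$")

def parse_services(text):
    """Return {service: {attribute: value}} for every service block."""
    services = {}
    for name, body in BLOCK.findall(text):
        pairs = (ATTR.match(line) for line in body.splitlines())
        services[name] = {m.group(1): m.group(2) for m in pairs if m}
    return services

def audit(text):
    """Return (service, finding) tuples for entries that are not disabled."""
    findings = []
    for name, attrs in parse_services(text).items():
        if "disabled" in attrs:
            # xinetd.conf(5): 'disabled' is a defaults-entry attribute.
            findings.append((name, "'disabled' in a service entry; use 'disable'"))
        # Assumption of this example: the value is compared case-insensitively.
        if attrs.get("disable", "no").lower() != "yes":
            findings.append((name, "no 'disable = yes'; service is enabled"))
    return findings

def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def first_reopen(host, port, checks, interval, probe=port_open, sleep=time.sleep):
    """Probe 'checks' times; return index of the first open probe, else None."""
    for i in range(checks):
        if probe(host, port):
            return i
        sleep(interval)
    return None
```

Run audit() on each file in the xinetd.d directory, then first_reopen() against the server for longer than the few minutes described in the post before treating the service as off.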



More information about the freebsd-cvsweb mailing list