Network Services

2009 Mar 01


DNS Email FTP HTTP r-commands Telnet TFTP X Windows

Default installations leave many of these services active, waiting for user (and attacker) connections. Turn off all unrequired services! Many of these services started on Unix systems but are now available on Windows systems too.


DNS: Domain Name Services

DNS servers are used by clients to translate domain names to IP addresses, among other capabilities. A very common DNS server on Unix systems is the Berkeley Internet Name Domain (BIND) server. DNS servers are usually started with init, and run in the background listening for requests. If an attacker can disable your DNS servers, or worse yet, remap your domain name to another IP address, they could seriously undermine access to your systems on your internal network or across the Internet.


Email

Many mail servers are available. One of the most popular is sendmail, which has both free and commercial versions. Unfortunately, sendmail has a variety of security problems, many of which allow an attacker to gain root privileges on a vulnerable system. Be sure to apply all security patches.


FTP: The File Transfer Protocol

FTP is used to move files between systems. FTP servers are started by inetd. All data is unencrypted and hence can easily be captured by an attacker or be hijacked.


HTTP (HyperText Transfer Protocol) and Web Services

Web servers send information to Web browsers using HTTP. Many Web server packages are available, from the free Apache Web server, available at www.apache.org, to commercial servers such as Netscape's products. Web servers are usually started by init. Because Web servers are publicly available, they are frequent targets of attackers.


NFS: Network File System

NFS allows users to transparently access files across the network, making the remote directories and files appear to the user as though they were part of the local file system. On the system where the files are to be shared, the NFS server exports directories, partitions, a single file or a device (e.g. a zip drive).

Other machines can mount these exports at specific points in their file system (e.g. the /mnt/files/ directory). A user merely has to change directory to /mnt/files/ and below to have access to the remote files without having to explicitly transfer the files as FTP (or TFTP) would require.

On Unix systems the mountd daemon is responsible for handling mount requests. Once an export is mounted, the nfsd daemon is the server that works with the kernel to do the appropriate file transfers. On BSD systems the file /etc/exports describes which files and directories are exported to which hosts on the network. Other Unix variants have different mechanisms in place.

Attackers frequently scan networks looking for world-accessible NFS exports to see if any sensitive data can be read or altered. Carefully limit such NFS access (both files and hosts) and the file permissions. It is best to use the secure file transfer features of the Secure Shell (SSH) tool or an IPSec-based virtual private network (VPN).


r-Commands

The r-commands (e.g. rlogin, rsh, and rcp) are used to remotely interact with Unix systems. Each of these services is started by inetd, and allows an attacker an opportunity to subvert Unix trust relationships.


Telnet: Remote Command Line Access

Telnet provides a remote command line interface across the network. To log in, users type their user name and password into a telnet client, which passes them to a telnet server. The telnet server, telnetd, is invoked by inetd. All telnet data is unencrypted and can easily be captured by an attacker. Further, telnet sessions can be easily taken over by an attacker in what is called a session hijacking attack.


TFTP: The Trivial File Transfer Protocol

TFTP clients and servers implement a subset of the FTP protocol and are used to move files between systems without any authentication. TFTP servers are usually started by inetd.
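FTP, the r-commands, Telnet and TFTP are all described above as started by inetd, so one way to check whether they are still enabled is to read inetd.conf. The following is an added example, not part of the original page: it assumes the classic inetd.conf field order (service, socket type, protocol, wait flag, user, program), the service names shell and login for rsh/rcp and rlogin, and a constructed sample file with illustrative paths.

```python
# Added example: flag active inetd.conf entries for the inetd-started
# services this page describes. Not taken from the original page.

# inetd.conf service names (as in /etc/services) -> reason, per the page.
RISKY = {
    "ftp":    "FTP: all data is unencrypted",
    "telnet": "Telnet: unencrypted, sessions can be hijacked",
    "shell":  "rsh/rcp: r-command relying on Unix trust relationships",
    "login":  "rlogin: r-command relying on Unix trust relationships",
    "tftp":   "TFTP: no authentication",
}

# Constructed sample input; paths and options are illustrative only.
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root    /usr/libexec/rshd     rshd
login   stream  tcp  nowait  root    /usr/libexec/rlogind  rlogind
tftp    dgram   udp  wait    nobody  /usr/libexec/tftpd    tftpd /tftpboot
daytime stream  tcp  nowait  root    internal
broken line
"""

def active_entries(text):
    """Yield (lineno, service, user, program) for each enabled entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or disabled entry
            continue
        fields = line.split()
        if len(fields) < 6:                    # not a complete service entry
            continue
        # Fields: service, socket type, protocol, wait flag, user, program.
        service = fields[0].rsplit(":", 1)[-1]  # drop optional address prefix
        user = fields[4].split(":")[0]          # drop optional ":group"
        yield lineno, service.lower(), user, fields[5]

def audit(text):
    """Return findings for enabled services the page says to turn off."""
    findings = []
    for lineno, service, user, program in active_entries(text):
        if service in RISKY:
            findings.append({"line": lineno, "service": service,
                             "runs_as_root": user == "root",
                             "program": program, "why": RISKY[service]})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_INETD_CONF):
        print("line {line}: {service} ({program}) enabled - {why}".format(**f))
```

An entry is disabled by commenting out its line and signalling inetd to reread its configuration; the commented-out shell entry in the sample is therefore not reported.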


X Windows

The X Window System (X11) provides the GUI on most Unix systems. An X server controls the screen, keyboard and mouse, offering them to various programs that wish to display images or get input from users. A common X program is xterm, which implements a command line interface to run a command shell in a window on an X display.

X can be attacked in many ways. To prevent such attacks, use the xhost command or X magic cookies to limit who can connect to your display or see the data on your screen. If your machine does not require a GUI (such as a server with a dumb terminal), delete (or disable) the X Window software to prevent attacks. X is not encrypted, so use a VPN or SSH if sensitive data is involved.


2005-2009