Yesterday, on IRC, neale asked if it was wise to run a TCP service on port 1. sneakums replied it was not, since it was a registered service, “tcpmux”. However, nobody immediately knew what “tcpmux” was; Wikipedia provided the answer.

TCPMUX is an ancient, horrible protocol. You connect to a TCPMUX server on port 1, then tell it which TCP service you actually wanted, and it forwards locally for you. Obviously fraught with security problems on the modern Internet. Nonetheless, I immediately wanted to write a TCPMUX server.

I started out by coding to the description in the Wikipedia entry, not knowing there was an RFC. We did find it (RFC 1078), and Neale and I went back and forth tweaking the code. Eventually I stopped with this:


while(<>) {
  if($_ eq "HELP\r\n") {
    print "tcpmux\r\n";
    exit 0;
  } elsif(lc($_) eq "tcpmux\r\n") {
    print "+OK FINE\r\n";
  } else {
    print "-BLOW ME\r\n";
    exit 0;

My friends, that is a fully functional, RFC 1078-compliant, completely secure TCPMUX server, in 11 lines of Perl. Neale has a bash version that he prefers, but I argue mine is better because it’s strictly RFC-compliant (only accepts CRLF, etc). To use it, add this to /etc/inetd.conf:

tcpmux stream tcp nowait nobody /path/to/in.tcpmuxd

To use, telnet to port 1. (You can use nc, but you will have to do something like “echo -ne ‘tcpmux\r\n’ | nc localhost 1” because it will only recognize CRLF-terminated lines per the RFC.) in.tcpmuxd will accept and forward exactly one service, tcpmux. All others will be rejected with a kind explanation. “HELP” will also conveniently list all services it will forward.

You can also test this by telnetting to port 1, which is running a fully functional TCPMUX server.

This service has been painstakingly checked for security flaws. A highly skilled team has gone through the entire codebase, line by line, and has determined that there are no known implementation or security flaws in the service. You’re welcome.