× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2007

Re: blocking remote telnet

the logs were showing me an address in Australia (which means user could be anywhere). I'm looking to see if thru any other listening server on a diff port than telnet (23) one can access terminal emulation and virtual terminals. What ever client they used was changing my existing virt devices to VT100.
By guesssing a know name (like qpadev0001) that did exist, it did not require creating a new virtual to connect.
I do see APPCoverTCP is running and wondering if a hacker can connect through that???
jim
----- Original Message ----- From: "Brian Lewis" <brian@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Wednesday, June 06, 2007 9:53 PM
Subject: Re: blocking remote telnet


Excerpts from Jim Franz's message of Wed Jun 06 20:40:10 -0500 2007:
Customer's network admin swears firewall blocks port 23 (telnet, both tcp&udp).
I tested remotely from windows, and telnet appears blocked.
But I have a couple pages of logs someone remotely trying to guess a password
for "root" and "admin", etc with existing virtual device names like qpadev0001.

I'd like to know more information from the logs. Do they give the source
IP addresses of the clients trying to log in?

If there really is no way to get to your system from the Internet, I
guess you have to conclude that the attacks are coming from inside the
network, perhaps from some compromised machine that *is* accessible via
the Internet.

--
Brian Lewis
http://www.i5sec.com/

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.