Again, are your users using a VPN? Basically, do they have to go to a
special web site, or fire up a special VPN client before they can use
telnet in? We do. VPN does a pretty good job of securing telnet.
Providing that's the only way that telnet will work.

Let's say you are, then Joe Blow should not be able to type in at his DOS
command prompt
telnet bobsiseries
and get in. Instead he would have to initiate a vpn client first.

For example one of our i's may be named PRODUCTION. Now if you try to
ping production on the internet you won't find ours. Instead you'd have
to fire up a vpn connection to us. Then a ping of production would
resolve to our internal ip address for production because the vpn would
use our DNS first instead of your internet provider at home. (Let's
ignore the whole issue of blocking pings for now.)

Now, getting back to netstat...
If you do a NETSTAT *CNN
and see
Remote          Remote   Local
Address         Port     Port
10.10.1.130     9071     23
and instead of a nice internal address you see the Chi Comm's address then
the port 23 tells you that they are trying to use telnet to hack into your
system. Most likely you'd see either 21 or ftp-con (switchable using F14
- display port numbers). Or 25 (which is smtp).

The fact that you are seeing these messages is pretty much an indicator
that these people can connect to your system directly without a VPN. Most
of these connections couldn't give a rat's orifice about telnet. They are
far more interested in FTP. Their goal is to find systems out there to
store stuff out there that others can download. Another popular option is
to find open relay smtp servers out there they can relay spam off of.

Scan the midrange archives and ibm for "open relay".

Test ftp access to your server from home. If you have that open, and
business rules dictate that you can't use your firewall to lock ftp down
to a small handful of IP addresses, then you'd better have your resource
security down tighter than said rat's orifice. And probably looking at
"exit point" security from vendors such as Power Tech, NetIQ, BSafe, and a
host of others. We wrote our own.


Rob Berendt
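As an added example (not from Rob's post or from any list member), a short Python script that applies the check described above to a constructed NETSTAT *CNN-style listing: it assumes the RFC 1918 ranges are the internal, VPN-only address space, accepts the service names the display shows before F14 toggles to port numbers, and flags connections from non-internal addresses to local ports 21, 23 and 25.

```python
import ipaddress

# Service names as NETSTAT *CNN shows them before F14 switches to numbers.
# Only the services named in the post are mapped here.
SERVICE_PORTS = {"ftp-con": 21, "telnet": 23, "smtp": 25}

# Assumption: internal addresses only ever appear via the VPN (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample output (not a real capture); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for outside hosts.
SAMPLE_NETSTAT = """\
Remote           Remote  Local
Address          Port    Port
10.10.1.130      9071    23
203.0.113.45     51212   ftp-con
10.10.1.17       44011   smtp
198.51.100.9     60002   25
10.10.2.5        43210   8470
"""

def parse_port(token):
    """Accept either a numeric port or the service name NETSTAT displays."""
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS.get(token.lower())

def parse_netstat_cnn(text):
    """Return (remote_address, remote_port, local_port) tuples, skipping headers."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # header lines such as "Remote Remote Local"
        rows.append((addr, parse_port(parts[1]), parse_port(parts[2])))
    return rows

def flag_direct_external(rows, watched=(21, 23, 25)):
    """Connections from non-internal addresses to FTP, telnet or SMTP:
    evidence that the service is reachable without going through the VPN."""
    hits = []
    for addr, _remote_port, local_port in rows:
        if not any(addr in net for net in INTERNAL_NETS) and local_port in watched:
            hits.append((str(addr), local_port))
    return hits

if __name__ == "__main__":
    for addr, port in flag_direct_external(parse_netstat_cnn(SAMPLE_NETSTAT)):
        print(f"direct external connection: {addr} -> local port {port}")
```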
