Telnet port 23 open

Thread: Telnet port 23 open

  1. #1
    amorphous (Member) | Join Date: Jan 2003 | Posts: 61

    Telnet port 23 open

    I have a security question. My dsl provider gives me a modem/router to use for their service. I have tried to make my computer as secure as possible. Every time I run any kind of online security scanner it tells me everything looks great except that telnet port 23 is open. I have gone in and manually closed this port and configured my firewall to block this port yet it remains open. The only thing I can figure is that it is open on the modem so my provider can dial in to check when I am having connection problems.

    My question is this...how much of a risk does this pose? I am running Win XP Pro with Norton A/V and firewall. I also have a linksys wireless router with ssid broadcast disabled, WEP encryption enabled with 128 bit encryption going, changed all the user id/passwords, MAC filter enabled and configured the router to only allow 1 connection...me.

    So as I was saying...just how much of a risk is involved with my dsl modem still allowing telnet connections to itself?

  2. #2
    Senior Member | Join Date: Aug 2003 | Posts: 205
    Most likely your DSL modem is a bridge and not a router, a dumb device that does not need an IP address (layer 2 device) but probably is assigned one by your ISP for management purposes. I'm assuming your ISP was smart enough not to assign it a default gateway.
    This way no one other than your provider, who is connected on the same datalink, can access the device. No one else on the internet can, because a DSL modem/bridge w/o a gateway does not know how to respond back to an address on a different subnet than itself (TCP/IP 101).

    If it is a router, that's not good. Put a firewall behind it and secure yourself.
    You should try and attempt to scan from the outside and see if your DSL modem responds.

    Because if it does, it can be compromised (password crack tool) and/or brought down (DoS attack).

    Good Luck...

  3. #3
    amorphous (Member) | Join Date: Jan 2003 | Posts: 61
    As stated previously. When running online port scanners such as the ones at dslreports.com and grc.com they claim port 23 is open. I can only assume that it is the dsl modem responding since I have closed the port on my computer and configured the firewall to block it also.

  4. #4
    Senior Member | Join Date: Aug 2003 | Posts: 205
    My next question to you is: do you have a DSL router or a DSL bridge?
    This depends on the ISP and the customer's preference.

    I'm assuming you have residential DSL where your ISP provides you with a DHCP dynamic address versus a static one.

    I also forgot to ask you before, how did you know what IP to scan for?


    Because this is the case you can easily figure out what type of DTE device you have: check the IP configs of your PC. If it is a public address then your DSL modem is most likely a bridge, and if it's a private address then it is a router.

    If you're not sure which is which, any address other than the following means it is public:
    10.x.x.x
    172.16.x.x-172.31.x.x
    192.168.x.x

    P.S.
    Sorry, it's late and I haven't slept for 2 days; a power outage kept me busy working with clients. The statement

    "I also forgot to ask you before, how did you know what IP to scan for?"
    should have been at the end of the reply, not in the middle ....

  5. #5
    amorphous (Member) | Join Date: Jan 2003 | Posts: 61
    It is a router, I never said it was a bridge.
    My computer has a private ip address.
    Yes I have a dynamic address...not static.
    Some of the sites that do the port scans have tools that show the current ip address.

    ipconfig just returns the private ip of my computer.

    edit: I also have a couple downloaded programs that will show my current ip address.

  6. #6
    Senior Member | Join Date: Feb 2003 | Location: Memphis, TN | Posts: 3,747
    gunit was just thinking that it might have been a bridge from the information supplied.

    Since this is a router we are talking about here, and your telnet port is open, you might try to forward the port. This is if your router supports this. For an example though, you would log into your router and go to the port forwarding section. From there you forward port 23 to port 23, but for the IP put in an IP that would never be assigned to one of your computers.

    On my network I have port 113 forwarded to 192.168.1.50. I only have three computers on my network so I'll never have that IP. By doing that, if someone attempts to connect to that port the packets will be dropped since there is no computer there.

    Now it is 1 in the morning here so I might have gotten that wrong but maybe it will help you.

    btw: If you want to know your IP go to www.whatismyip.com or www.ipchicken.com. That's one of the ways.

  7. #7
    amorphous (Member) | Join Date: Jan 2003 | Posts: 61

    Re: Telnet port 23 open

    So as I was saying...just how much of a risk is involved with my dsl modem still allowing telnet connections to itself?
    I guess it must be late. This was a security conjecture for feedback on the possible risks. I know I have a dsl router...not a bridge. I am not trying to find out my IP address. I have a very good computer/firewall/router setup that is well updated and patched. I have a wireless router between my computer and the dsl router...also as well configured as possible. (Also with a different IP than my computer or the dsl router...and no...not the standard 192.168.1... as most people use.)

    I was merely wondering about the risks involved with the dsl router allowing telnet connections...such as the possibility of someone hijacking my internet connection. Any info would be appreciated.

  8. #8
    thehorse13 (Master-Jedi-Pimps0r & Moderator) | Join Date: Dec 2002 | Location: Washington D.C. area | Posts: 2,884
    I think I know what you are asking here....

    If the port is open and listening, then yes, there is a possibility that someone can connect and gain access to the device. Most DSL modems have port 23 open for remote management by you or your ISP. Once more, the device itself probably has its own tcp/ip stack and who knows how solid it is. Remember, stack implementations vary by manufacturer.

    Knowing this, and that you have a linksys device behind it, I'd say that your internal network is fine because they would have to first get past the DSL modem and *then* past the linksys router. On top of that, you have a personal firewall on each PC so I'd say you've done exactly what a home user should do to stay secure.

    My best guess is that someone could wipe you off the net or make your DSL modem inoperable by changing all the settings once inside. If you want me to try, go ahead and PM me and I can tell you if the device is accepting connections.

    Does that answer your question?

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    amorphous (Member) | Join Date: Jan 2003 | Posts: 61
    Yes it does, and thank you very much. I figured that I was fairly secure with my setup the way it is. I highly doubt that my isp would allow me to change the settings on the dsl router since "it's their equipment."

    Thanks for the help.

  10. #10
    phishphreek (AO übergeek) | Join Date: Jan 2002 | Posts: 4,325
    On my network I have port 113 forwarded to 192.168.1.50. I only have three computers on my network so I'll never have that IP. By doing that, if someone attempts to connect to that port the packets will be dropped since there is no computer there.
    I do this with my cisco router. I forward port 23 (which doesn't allow logins on the router) to machine 192.168.0.254 and port 80 (cisco web setup) to the same address. There will never be any machine at that address, so I don't have to worry about people trying to connect. I hope.

    Does anyone know if it is possible to forge the packets to make it go to a different address? Or... is it safe to do this? Sorry to "hijack" your thread... but I think it fits in here.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
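
Added example (not part of any post in this thread): a Python version of the two checks discussed above, post #4's private-versus-public address rule and the open/closed/no-answer distinction that posts #6 and #10 rely on when they forward a port to an unused address. The function names, the sample addresses and the loopback self-check are constructed for illustration.

```python
import ipaddress
import socket

# The three private ranges listed in post #4 (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def modem_mode(address: str) -> str:
    """Post #4's rule: a private address means the DSL box is routing (NAT)."""
    ip = ipaddress.ip_address(address)
    return "router" if any(ip in net for net in PRIVATE_NETS) else "bridge"

def probe_tcp(host: str, port: int = 23, timeout: float = 3.0) -> str:
    """Classify one TCP port on a device you administer (pass an IP address).

    open     - handshake completed, something is listening
    closed   - the host answered with a reset, nothing is listening
    filtered - no usable answer (dropped, or forwarded to an unused address)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and host-unreachable errors
        return "filtered"
    finally:
        s.close()

def demo() -> dict:
    """Offline self-check on loopback: a listening port, then the same port released."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {"listening": probe_tcp("127.0.0.1", port, 1.0)}
    listener.close()
    result["released"] = probe_tcp("127.0.0.1", port, 1.0)
    return result

if __name__ == "__main__":
    print(modem_mode("192.168.1.10"), demo())
```

In this thread's setup the PC sits behind the Linksys, so post #4's rule applies to the address the DSL box hands to the Linksys WAN port, not to the PC's own address.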
