cancel
Showing results for 
Search instead for 
Did you mean: 

Firewall still letting through Telnet attempts

Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Firewall still letting through Telnet attempts

I posted a while ago about seeing Telnet attempts in my router log, even though I have the PlusNet firewall set to block common ports, i.e. ports lower than 1024. Though it's just the odd attempt here and there and the router doesn't let them through anyway, I'm surprised to see them there at all. (I have the router set to show telnet attempts from when I used to set the noise margin manually via telnet.)
Here's the log records of the latest 2 attempts (with my IP address disguised)
Wed, 2010-07-14 10:46:49 - TCP Packet - Source:69.90.218.103,39310 Destination:212.159.XX.XXX,23 - [TELNET rule not match]
Fri, 2010-07-16 22:46:37 - TCP Packet - Source:210.34.4.68,47524 Destination:212.159.XX.XXX,23 - [TELNET rule not match]
This shouldn't be happening should it?

Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
12 REPLIES 12
Anonymous
Not applicable

Re: Firewall still letting through Telnet attempts

[quote=Mad Moggies]even though I have the PlusNet firewall set to block common ports, i.e. ports lower than 1024.
Have you restarted your internet connection since setting the Plusnet firewall ? as it says in the documentation https://portal.plus.net/support/security/firewalls/broadbandfirewall.shtml
[quote=from Broadband Firewall documentation -]Remember! If you change your firewall setting, you must restart your Internet connection for the change to take effect.
Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: Firewall still letting through Telnet attempts

I've restarted my internet connection several times since I last asked about this on the forums. Hence me bringing it up again!
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Anonymous
Not applicable

Re: Firewall still letting through Telnet attempts

Do you get a telnet entry in your router log when you run the "ShieldsUp!!" test ?  http://www.grc.com/intro.htm
Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: Firewall still letting through Telnet attempts

No, nor with the similar Norton online security check. I ran the Norton check last night before posting and assumed a third attempt was from that, but looking it up it appears not to be Norton after all.
With this latest one I got an odd sort of message in the result when I looked it up - I got the same with one of the others.
# Query terms are ambiguous.  The query is assumed to be:
#    "n 67.134.208.132"
This was then resolved to an ISP etc in the USA.
With both Shields Up and Norton it all comes up as stealthed, which is how I've have it set up for years. And before anyone suggests people trying to contact an IP address that's been re-allocated, I've had the same static IP address since I joined PN!
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Anonymous
Not applicable

Re: Firewall still letting through Telnet attempts

[quote=Mad Moggies]With both Shields Up and Norton it all comes up as stealthed
They should be showing stealthed as either your router, or the Plusnet firewall will have blocked the port-23 scan.
You did not say though whether there was any corresponding entry on your router log, because if there was then that would indicate a fault with the Plusnet firewall.
Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: Firewall still letting through Telnet attempts

I did say there were no entries in the router log from Shields Up and Norton, but perhaps not clearly enough!
There shouldn't be any attempts getting to the router except from within this house. If it was showing attempts from nearby wireless networks (which shouldn't be able to see the router anyway), then they should show up with the internal network address of the offending computer or its router I would think and none of these addresses look remotely like the sort those are usually set to.

P.S. The last attempt, which I assumed was Norton but appeared not to have been, was just a port scan, not a Telnet attempt. Further investigation (i.e. Googling) has revealed that 67.134.208.132 IS Norton after all, even though it doesn't come up as that via any sort of search in the Mac's Network Utility. That would tally as, with the PN firewall setting I have, a port scan of higher ports would get through to the router. OK though because I have everything stealthed and the Norton scan reported that to be the case.
With Shields Up I only did the common ports scan, as that's all I have blocked by the PN firewall.
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
BenTrimble
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 2,106
Registered: ‎06-02-2008

Re: Firewall still letting through Telnet attempts

Your connection's been ongoing for four days, so are you sure you have rebooted your router? In any case, telnet isn't getting through...
Quote
C:\Documents and Settings\btrimble>telnet 212.159.XXX.XXX 23
Connecting To 212.159.XXX.XXX...Could not open connection to the host, on port 23: Connect failed
Anonymous
Not applicable

Re: Firewall still letting through Telnet attempts

Hi Ben
I think you are missing the point !
Mad Moggies already knows that telnet attempts don't get past their local router's firewall, because it says so in the router logs - so the test you did would report "Connect failed".
The point is that Mad Moggies Plusnet account firewall is set to block various ports (including telnet on port 23), and the question (as I understand it) is how are telnet connection attempts getting past the Plusnet firewall but correctly blocked by the local router, and therefore generating router log entries.
BenTrimble
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 2,106
Registered: ‎06-02-2008

Re: Firewall still letting through Telnet attempts

Whoops, my bad there!
I've had it confirmed that the text is wrong on the firewall description and the 'low' setting should block port 23, 'block common ports' should not. I'm currently investigating and will be raising an internal problem to have this corrected.
Anonymous
Not applicable

Re: Firewall still letting through Telnet attempts

So that explains HOW telnet (port 23) was getting through.  Smiley
The remaining issue then is why did the Norton security port scan not cause a router log entry ? !  Undecided
Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: Firewall still letting through Telnet attempts

Norton (full scan) showed up as a general port scan but Shields Up (common ports scan only) didn't register on the router at all. Nor is anything showing for today.
Ben, glad you've been able to explain why random Telnet attempts are reaching the router.
BTW, I've had the PN firewall set that way for months now and my connection has been restarted several times since it was set!
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
BenTrimble
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 2,106
Registered: ‎06-02-2008

Re: Firewall still letting through Telnet attempts

Now raised as problem 62778.