Firewall still letting through Telnet attempts
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Firewall still letting through Telnet attempts
Firewall still letting through Telnet attempts
17-07-2010 6:01 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Here's the log records of the latest 2 attempts (with my IP address disguised)
Wed, 2010-07-14 10:46:49 - TCP Packet - Source:69.90.218.103,39310 Destination:212.159.XX.XXX,23 - [TELNET rule not match]
Fri, 2010-07-16 22:46:37 - TCP Packet - Source:210.34.4.68,47524 Destination:212.159.XX.XXX,23 - [TELNET rule not match]
This shouldn't be happening should it?
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: Firewall still letting through Telnet attempts
18-07-2010 12:00 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Have you restarted your internet connection since setting the Plusnet firewall ? as it says in the documentation https://portal.plus.net/support/security/firewalls/broadbandfirewall.shtml
[quote=from Broadband Firewall documentation -]Remember! If you change your firewall setting, you must restart your Internet connection for the change to take effect.
Re: Firewall still letting through Telnet attempts
18-07-2010 12:33 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: Firewall still letting through Telnet attempts
18-07-2010 12:50 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Firewall still letting through Telnet attempts
18-07-2010 9:04 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
With this latest one I got an odd sort of message in the result when I looked it up - I got the same with one of the others.
# Query terms are ambiguous. The query is assumed to be:
# "n 67.134.208.132"
This was then resolved to an ISP etc in the USA.
With both Shields Up and Norton it all comes up as stealthed, which is how I've have it set up for years. And before anyone suggests people trying to contact an IP address that's been re-allocated, I've had the same static IP address since I joined PN!
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: Firewall still letting through Telnet attempts
18-07-2010 9:14 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
They should be showing stealthed as either your router, or the Plusnet firewall will have blocked the port-23 scan.
You did not say though whether there was any corresponding entry on your router log, because if there was then that would indicate a fault with the Plusnet firewall.
Re: Firewall still letting through Telnet attempts
18-07-2010 9:43 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
There shouldn't be any attempts getting to the router except from within this house. If it was showing attempts from nearby wireless networks (which shouldn't be able to see the router anyway), then they should show up with the internal network address of the offending computer or its router I would think and none of these addresses look remotely like the sort those are usually set to.
P.S. The last attempt, which I assumed was Norton but appeared not to have been, was just a port scan, not a Telnet attempt. Further investigation (i.e. Googling) has revealed that 67.134.208.132 IS Norton after all, even though it doesn't come up as that via any sort of search in the Mac's Network Utility. That would tally as, with the PN firewall setting I have, a port scan of higher ports would get through to the router. OK though because I have everything stealthed and the Norton scan reported that to be the case.
With Shields Up I only did the common ports scan, as that's all I have blocked by the PN firewall.
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: Firewall still letting through Telnet attempts
19-07-2010 1:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote C:\Documents and Settings\btrimble>telnet 212.159.XXX.XXX 23
Connecting To 212.159.XXX.XXX...Could not open connection to the host, on port 23: Connect failed
Re: Firewall still letting through Telnet attempts
19-07-2010 2:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I think you are missing the point !
Mad Moggies already knows that telnet attempts don't get past their local router's firewall, because it says so in the router logs - so the test you did would report "Connect failed".
The point is that Mad Moggies Plusnet account firewall is set to block various ports (including telnet on port 23), and the question (as I understand it) is how are telnet connection attempts getting past the Plusnet firewall but correctly blocked by the local router, and therefore generating router log entries.
Re: Firewall still letting through Telnet attempts
19-07-2010 3:13 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've had it confirmed that the text is wrong on the firewall description and the 'low' setting should block port 23, 'block common ports' should not. I'm currently investigating and will be raising an internal problem to have this corrected.
Re: Firewall still letting through Telnet attempts
19-07-2010 3:23 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The remaining issue then is why did the Norton security port scan not cause a router log entry ? !
Re: Firewall still letting through Telnet attempts
19-07-2010 5:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Ben, glad you've been able to explain why random Telnet attempts are reaching the router.
BTW, I've had the PN firewall set that way for months now and my connection has been restarted several times since it was set!
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: Firewall still letting through Telnet attempts
20-07-2010 11:58 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Firewall still letting through Telnet attempts