a person is hammering my port 23


Post by Breh » Sun, 26 May 2002 17:48:27



Hello,

OBSD 2.8

Curious what if anything I should do about the following problem.

For some reason a person/machine keeps attempting to login to my ip
address via Telnet.  Of course I have it blocked and log any attempt
to login via port 23.

It is flooding my terminal with the log messages.  He/she has tried a
few hundred times at least over the past few hours.  

I am on DHCP, but keep getting assigned the same IP address on reboot.
(Strange, I usually like keeping the same address).

Is there anything in particular I should be aware of?  Is there any
course of action or approach you would take?

Thanks for your help,

Brehmie

 
 
 


Post by Henrik St?h » Sun, 26 May 2002 19:08:55


Find out who the attacker's ISP is using whois, and send an email
to their abuse department. Not much else to do, except maybe stop
logging these messages.

Have you considered automatic issue reporting via www.mynetwatchman.com?

/Henrik


> Hello,

> OBSD 2.8

> Curious what if anything I should do about the following problem.

> For some reason a person/machine keeps attempting to login to my ip
> address via Telnet.  Of course I have it blocked and log any attempt
> to login via port 23.

> It is flooding my terminal with the log messages.  He/she has tried a
> few hundred times at least over the past few hours.

> I am on DHCP, but keep getting assigned the same IP address on reboot.
> (Strange, I usually like keeping the same address).

> Is there anything in particular I should be aware of?  Is there any
> course of action or approach you would take?

> Thanks for your help,

> Brehmie


 
 
 


Post by erik » Sun, 26 May 2002 21:16:01



> Hello,

> OBSD 2.8

> Curious what if anything I should do about the following problem.

> For some reason a person/machine keeps attempting to login to my ip
> address via Telnet.  Of course I have it blocked and log any attempt
> to login via port 23.

> It is flooding my terminal with the log messages.  He/she has tried a
> few hundred times at least over the past few hours.

> I am on DHCP, but keep getting assigned the same IP address on reboot.
> (Strange, I usually like keeping the same address).

> Is there anything in particular I should be aware of?  Is there any
> course of action or approach you would take?

I would block him without logging. Probably only the telnet connects to see
what more will be happening. Blocking is easy with ipf.

HTH,

EJ
--
For OpenBSD pf and nat rule examples: http://www.vanwesten.net
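
Added example, not part of any post in this thread: a short script that does the two things the replies above suggest, summarising blocked port 23 attempts per source (the evidence an abuse report needs) and emitting ipf block rules that carry no `log` keyword. The log lines are constructed, and the ipmon syslog layout, the host name `gw` and the interface `xl0` are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style ipmon writes to syslog (assumed layout;
# addresses are documentation ranges, host "gw" and interface "xl0" are made up).
SAMPLE_LOG = """\
May 26 14:02:10 gw ipmon[87]: 14:02:10.551203 xl0 @0:3 b 203.0.113.77,1042 -> 192.0.2.15,23 PR tcp len 20 48 -S IN
May 26 14:02:13 gw ipmon[87]: 14:02:13.560118 xl0 @0:3 b 203.0.113.77,1042 -> 192.0.2.15,23 PR tcp len 20 48 -S IN
May 26 14:02:19 gw ipmon[87]: 14:02:19.571940 xl0 @0:3 b 203.0.113.77,1043 -> 192.0.2.15,23 PR tcp len 20 48 -S IN
May 26 14:05:41 gw ipmon[87]: 14:05:41.100233 xl0 @0:3 b 198.51.100.9,4410 -> 192.0.2.15,23 PR tcp len 20 48 -S IN
May 26 14:06:02 gw ipmon[87]: 14:06:02.300871 xl0 @0:4 b 203.0.113.77,1050 -> 192.0.2.15,111 PR tcp len 20 48 -S IN
May 26 14:07:30 gw ipmon[87]: 14:07:30.004512 xl0 @0:1 p 192.0.2.15,2201 -> 198.51.100.20,80 PR tcp len 20 48 -S OUT
"""

LINE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ [\d:]+) \S+ ipmon\[\d+\]: \S+ (?P<iface>\S+) @\d+:\d+ "
    r"(?P<action>\S) (?P<src>[\d.]+),\d+ -> (?P<dst>[\d.]+),(?P<dport>\d+) PR tcp\b"
)

def summarize(log_text, port=23):
    """Count blocked inbound TCP attempts to `port` per source address."""
    hits, first, last = Counter(), {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        # Keep only blocked ("b") packets aimed at the port of interest.
        if not m or m["action"] != "b" or int(m["dport"]) != port:
            continue
        if not line.rstrip().endswith(" IN"):  # inbound packets only
            continue
        src = m["src"]
        hits[src] += 1
        first.setdefault(src, m["stamp"])  # first time this source was seen
        last[src] = m["stamp"]             # most recent time
    return [(src, n, first[src], last[src]) for src, n in hits.most_common()]

def silent_block_rules(summary, threshold=3, port=23):
    """ipf rules without the `log` keyword for sources at or above threshold."""
    return [f"block in quick proto tcp from {src}/32 to any port = {port}"
            for src, n, _, _ in summary if n >= threshold]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src, n, t0, t1 in report:
        print(f"{src}: {n} blocked attempts, {t0} .. {t1}")
    print("\n".join(silent_block_rules(report)))
```

A generated rule has to sit above the general logging block rule in the ipf rule file so that `quick` stops processing before the logged rule is reached.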

 
 
 


Post by Jan-Uwe Fin » Sun, 26 May 2002 19:27:27




> Is there anything in particular I should be aware of?  Is there any
> course of action or approach you would take?

If you have a telnet server running, you should disable it, otherwise
there's nothing to be afraid of.
 
 
 


Post by Breh » Wed, 29 May 2002 10:54:21


Thank you for your comments / suggestions.  The 'hammering' has
finally stopped.
 
 
 
