Well, actually I've had some computer constantly trying to connect to our
server via Telnet. I want to find out the originating IP to track down what
is happening.
Side note, I cannot shut down Telnet services because our hosting site uses
that to monitor the server.
Richard
[EMAIL PROTECTED]
----- Original Message -----
From: "Benjamin S. Rogers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 08, 2000 12:36 PM
Subject: RE: Monitoring Telnet Connections
> Jeremy,
>
> The point is not whether you have a use for Telnet on NT or even if remote
> administration via Telnet is generally superior to GUI based applications,
> but whether you know of a way to monitor telnet connections. Obviously,
> Richard has a use: now he's looking for a solution.
>
> In any case, telnet is a perfectly legitimate way to administer Internet
> servers (and servers in general). Telnet daemons that support secure
> connections are available for NT, but if someone has access to your server
> with execute permissions, "sniffing out passwords" is usually the least of
> your worries and certainly not the source of your problem.
>
> Benjamin S. Rogers
> Web Developer, c4.net
> voice: (508) 240-0051
> fax: (508) 240-0057
>
> -----Original Message-----
> From: Jeremy Allen [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 08, 2000 3:07 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Monitoring Telnet Connections
>
>
> Well.. speaking from the Unix word the netstat command
> with the proper arguments shows you everything that is
> connected to your system.. So really its not necessarily
> overkill to observe what / who is connected to your system.
>
> Telnet is always on port 23, so anything connected to your system
> on port 23 should tell you who is using telnet. So look for something
> that monitors all of the TCP/IP connections on the machine..
> Real typical stuff, I have had the need to use anything like it for NT
> but it should be readily available.
>
> Now that said, TELNET IS EVIL!!!
>
> It is one of the most insecure ways to administer a system and
> Anyone who has ever used plain ole telnet to administer a
> live internet server should be shot ;-)
>
> Use SSL, because its very simple to sniff out passwords
> in plain telnet.. its all clear text. There are
> some telnet daemons (in the Unix world) that do
> password encryption already but.. I doubt for NT..
>
> Then there is SSL which uses a secure socket 100% encrypted
> session to access the machine, which means sniffing is then
> out of the question.
>
> I don't really see much of a point to using.. telnet on NT
> since most people want to charge you money etc, for telnet
> services on NT4, and it should come with W2K I played
> around with their Crude Telnet daemon that used NTLM
> for Authentication.. somewhat secure.. (*cough cough*)
>
> All of this is Free if the box is a *nix box.. you can download
> binaries/ compile from source for the ultra paranoid SSL
> daemons from free.
>
> That said.. you can also get at...
> http://sourceware.cygnus.com
> most typical GNU utilities including GCC there,
> which will allow you to compile SSL, for windows
> so you can have secure sockets. If security is a concern
> its really worth investigating.
>
> Now all that said, what is the purpsoe of having the Telnet for
> NT? there is a great Free (GPL'd) administration utility
> available for NT located at..
>
> http://www.uk.research.att.com/vnc/
>
> Think.. PC Anywhere, and you can also use SSL with that to
> totally encrypt the entire session however it already does
> some more secure than plain text authentication so you
> may or may not care, also it would take someone sniffing
> a lot of time with a network dump and a hex editor to
> figure out what you were doing since the VNC protocol
> *is* plain text but it would take a lot of knowledge
> to really make any sense out of the data.... :)
>
> Anyways.. that is my 2 cents and then some ;)
>
>
> Jeremy Allen
> [EMAIL PROTECTED]
> [Insert cool title here]
>
> -----Original Message-----
> From: Angil Stewart [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 08, 2000 2:41 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Monitoring Telnet Connections
>
>
> Hmm...you could install something like Black Ice which monitors
connections
> to and from you're machine.
>
> It's a personal firewall utility.
>
> I think its overkill though, you should just buy a new Telnet Daemon, but
I
> don't know which would be cheaper for you.
>
> -Gel
>
> ----- Original Message -----
> From: Benjamin S. Rogers <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 08, 2000 2:39 Gil
> Subject: RE: Monitoring Telnet Connections
>
>
> > I'm not sure exactly what you're after. Your Telnet daemon should
provide
> > this capability and I don't believe the one that comes on the Res Kit
> does.
> >
> > A truly exceptional Telnet daemon is that put out by Pragma Systems
> > http://www.pragmasys.com/. The feature list is complete and I've used
> their
> > telnet daemon for a couple years on many production servers and have had
> no
> > problems.
> >
> > Benjamin S. Rogers
> > Web Developer, c4.net
> > voice: (508) 240-0051
> > fax: (508) 240-0057
> >
> > -----Original Message-----
> > From: Richard Ramos [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 08, 2000 12:26 PM
> > To: [EMAIL PROTECTED]
> > Subject: OT: Monitoring Telnet Connections
> >
> >
> > Anyone know how you can track connections to telnet services in an NT
> > Server?
> >
> > Thanks in advance.
> >
> > Richard Ramos
> > [EMAIL PROTECTED]
>
>
> --------------------------------------------------------------------------
--
> --
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=sts&body=sts/cf_talk or
send
> a message to [EMAIL PROTECTED] with 'unsubscribe' in the
> body.
>
> --------------------------------------------------------------------------
--
> --
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
> --------------------------------------------------------------------------
----
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
>
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
