Re: Telnet, Ping and Port 1025

From: C & C Antiques and Collectables (noreply_at_thisfalse.com)
Date: 09/04/04

• Next message: Jim Byrd: "Re: about:blank"
• Previous message: Bruce Chambers: "Re: disable NIS2004 during s/w installs?"
• In reply to: Don Taylor: "Re: Telnet, Ping and Port 1025"
• Next in thread: Malke: "Re: Telnet, Ping and Port 1025"
• Reply: Malke: "Re: Telnet, Ping and Port 1025"
• Reply:(deleted message) Don Taylor: "Re: Telnet, Ping and Port 1025"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 4 Sep 2004 19:10:52 +0100

In article <jrqdnVP6c84rIqTcRVn-vw@scnresearch.com>,
Don Taylor wrote ...
 
> >Lanwench [MVP - Exchange] wrote ...
> >> Put a firewall in place....if you're on XP, you can just enable the built-in
> >> one.
> >> C & C Antiques and Collectables wrote:
> >> > I just run a security check on my system at Symantec. It reported
> >> > risks from Telnet, Ping and open port number 1025. Can anyone help me
> >> > close these these holes in my systems security please?
> >>
> >I do have Norton AV and Firewall installed, both are updated daily. It
> >was Norton's own on-line security check that revealed the Telnet, Ping
> >and 1025 holes in XP Home.
>
> Norton doesn't seem, by default, to lock down all ports.
> But if you don't see a need for a particular service then
> you can add a rule yourself that will block incoming and/or
> outgoing packets for any particular port.
>
> For telnet it isn't clear whether you have that open for
> incoming or for outgoing, or perhaps both, directions.
> For incoming, unless you specifically need to have the
> telnet server running and the port open to accept telnet
> connections from outside I'd certainly think that blocking
> that port number would be reasonable.
>
> For ping there are occasional "ping flood" attacks, where
> some little net vandal will flood your machine with a few
> thousand pings a second. If you don't need to have the
> ability for someone to check and see whether your machine
> is up then you can turn that off with little loss.
>
> The 1025, and I think 1029, seem to have become popular
> for some net vandal's probing several months back. Both
> those are used for some sort of checking of network
> status. I began seeing a handful of those a minute and
> finally put both those into my block list, but let the
> little "norton flag" wave at me to let me know that they
> are still coming in on a regular basis.
>
> You can also include a rule "all that is not permitted
> is prohibited" and that is convenient to just blanket
> block the twits that are out there just rattling your
> door to see if they can get in. And it is possible with
> any and all of these to have the rule add a line to your
> logs/stats, just so that every few days you can go peek
> at the totals and watch for any spike in activity.
>
> I do support for a few small business users. It amazes
> me that isp's, both small and large, have slowly been
> inching towards blocking virus and spam but that they
> let vandals send any kind of net packets in that they
> want. For example, AOL has finally got antivirus tools
> running, congrats to them, but I watch the trojan
> packets hammering right through their system, trying to
> find any customer who is at risk and who can be subverted.
>
> The net isn't what it used to be 25 years ago.
> In hindsight, we never should have let the public know
> about the net, that would have been for the best.
>
Well, thank you Don... a comprehensive answer if ever I read one!
I have closed both 1025 and 1029 ports and set Norton to let me know
when my new rule is fired. I am however uncertain precisely how to set
up my system to shut down the Telnet and Ping problems. I do not
knowingly use either of these.

-- 
Charlie

---

• Next message: Jim Byrd: "Re: about:blank"
• Previous message: Bruce Chambers: "Re: disable NIS2004 during s/w installs?"
• In reply to: Don Taylor: "Re: Telnet, Ping and Port 1025"
• Next in thread: Malke: "Re: Telnet, Ping and Port 1025"
• Reply: Malke: "Re: Telnet, Ping and Port 1025"
• Reply:(deleted message) Don Taylor: "Re: Telnet, Ping and Port 1025"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Telnet, Ping and Port 1025 ... >was Norton's own on-line security check that revealed the Telnet, Ping ... Norton doesn't seem, by default, to lock down all ports. ... outgoing packets for any particular port. ... (microsoft.public.security.virus) Re: Problem with iptables and smtp ... What about that telnet, i`m ussing ssh on a different port, but what i ment ... The connection isn't always going to be in state NEW. ... RELATED is stuff like RST packets, or ICMP packets, or DNS ... (comp.security.firewalls) Re: ssh issues ... > Use tpcdump and check if packets are coming in the machine, ... > the firewall configuration. ... Another thing you can do it telnet to port 22. ... (comp.os.linux.networking) Re: Telnet port 25 ... Subject: Telnet port 25 ... is the sole responsibility of the customer and depends on the customer's ... Configuring sendmail 8.11.0 for Anti-Relay ... (AIX-L) Re: Suggestion for a lexical (login mode via TCPIP) ... Not sure of it is the right one to modify or to add another one, but it would be useful to be able to get information on whether the user us coming in via FTP, TELNET, etc. ... This would also allow a LOGIN.COM to check if someone is coming in through a secure/SSL port for instance. ... For the HP SSH server, it seems to be undefined. ... forget about the possibility of virtual terminals. ... (comp.os.vms)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)