At 09:09 7/01/1999 -0800, Mark Bixby wrote:

>Ron Burnett writes:
>>
>> After several months of error-free usage of inbound telnet
>> on our HP928 (MPE/iX 5.5 PP 4), we are now frequently
>> getting the following console messages:
>>
>> Could not receive data from sockets during Telnet device initialization.
>> Call to initialize Telnet server failed with error -7.
>>
>> There doesn't seem to be any impact on the service.  The message
>> even appears during the night when there is no demand for connection.
>
>I believe a hacker is "port scanning" you.
>
>Various hacker tools are available to scan a remote system and report on the
>available TCP or UDP services.  These tools start off by sending the bare
>minimal packets needed to determine whether or not something is listening
>to a given port, and then break the connection short of establishing the
>full-blown protocol.
>
>So what happens on a 3K is just enough to get JINETD to attempt to spawn a
>telnet session when the tool probes port 23.  But the tool quickly breaks off
>the connection, resulting in the console messages you see.

Bingo!  Mark gets first prize for the precise solution.

We are fire-walled, so it was extremely unlikely that the intrusion
was coming from outside.  I checked this morning for the frequency
of errors and it was precisely every 22 minutes.  An odd interval.

A word to one of our network admin people revealed that they
have started testing all major servers on the network--not just a
ping, but a test on the telnet port #23.  I've asked them to go back
to a simple ping for the offended machine.

Ron Burnett
Manager, HP3000 Systems
W&C HCN - Melbourne