Subject: | |
From: | |
Reply To: | |
Date: | Fri, 8 Jan 1999 09:43:37 +1000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
At 09:09 7/01/1999 -0800, Mark Bixby wrote:
>Ron Burnett writes:
>>
>> After several months of error-free usage of inbound telnet
>> on our HP928 (MPE/iX 5.5 PP 4), we are now frequently
>> getting the following console messages:
>>
>> Could not receive data from sockets during Telnet device initialization.
>> Call to initialize Telnet server failed with error -7.
>>
>> There doesn't seem to be any impact on the service. The message
>> even appears during the night when there is no demand for connection.
>
>I believe a hacker is "port scanning" you.
>
>Various hacker tools are available to scan a remote system and report on the
>available TCP or UDP services. These tools start off by sending the bare
>minimal packets needed to determine whether or not something is listening
>to a given port, and then break the connection short of establishing the
>full-blown protocol.
>
>So what happens on a 3K is just enough to get JINETD to attempt to spawn a
>telnet session when the tool probes port 23. But the tool quickly breaks off
>the connection, resulting in the console messages you see.
Bingo! Mark gets first prize for the precise solution.
We are fire-walled, so it was extremely unlikely that the intrusion
was coming from outside. I checked this morning for the frequency
of errors and it was precisely every 22 minutes. An odd interval.
A word to one of our network admin people revealed that they
have started testing all major servers on the network--not just a
ping, but a test on the telnet port #23. I've asked them to go back
to a simple ping for the offended machine.
Ron Burnett
Manager, HP3000 Systems
W&C HCN - Melbourne
|
|
|