-------------------------
|                         |
|     Securing Telnet     |
|                         |
| Written by lord nirvana |
|                         |
|     Sophos Eviloso      |
-------------------------

---------------------------------------------------

Telnet is a remote administration daemon (or server, if you like) that runs on both NT and *nix machines. Used mostly for remote administration and shells, it leaves your system wide open to attacks. Today I'm going to teach you a few ways to secure telnet and keep script kiddies away from good old telnet.

1. NTLM security:

First thing is, you have to understand how telnet works. It opens up a port, by default port 23, accepts incoming connections from a telnet client, and hands the connecting machine a shell on your machine. Once connected to the server, you are issued an authentication prompt. It usually looks something like this:

Telnet remote administration server
login:lord
Password:(shadowed)

In Windows NT, one of the ways you can keep people outside of your network from getting these authentication prompts is to use "NTLM" prompts: someone with a different NTLM authentication key will not be issued an authentication prompt at all. Instead of the:

Telnet remote administration server
login:lord
Password:(shadowed)

you will get something to this effect:

NTLM authentication failed. access denied

That will keep people not on your network out of your server, and will ensure no script kiddies gain "root" or administrator privileges on your machine.

2. Securing root:

In unix systems, telnet is wide open for someone to gain root on your machine. The best way to secure root in unix is to give root a password that is almost impossible to brute force. It should usually be more than 6 characters long and include both numbers and letters. Most *nix systems will tell you whether your password is in a dictionary or not, which should keep most of the kiddies from gaining root on your machine. Another way to secure root in telnet is to simply keep remote root logins over telnet switched off.
You may think "wait, then remote administration is almost impossible through telnet"... That's not true: once you have logged into a power user account, you can simply "su" to root, enter the password, and have root privileges in the terminal. Simple as that, and it keeps people from being able to brute force the root account.

3. Knowing who's connecting:

So, you've secured root... but are still paranoid that people are inside your machine. Well, the next best things to do are:

A: Check your logs for authentication attempts from outside the network. Check them as often as you need to; in unix the logs are usually stored under the /var directory.

B: Run a live IDS logging all incoming packets on the telnet daemon's port. It will sit in the systray and you can watch it at any time. tcpdump is also a nice packet logger, and with it you can watch for any SYNs coming in on port 23.

C: You can also ban IP addresses from the server based on the attempts in the log. You should be able to add IP addresses to the "black list" via telnet config type files.
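Steps A and C above, as an added example that is not from the original article: a POSIX shell script that counts failed telnet logins per source address in a syslog-style log and prints TCP wrappers hosts.deny entries for every address at or above a threshold. The sample log lines are constructed for this example (the "FAILED LOGIN ... FROM ... FOR" form is what the util-linux login program writes); adjust the awk pattern if your system logs failures differently.

```shell
#!/bin/sh
# Constructed sample log: three failures from 10.0.0.5 against root,
# one failure from 192.0.2.7, and one successful login that is ignored.
LOG_SAMPLE='Mar  3 01:12:07 box in.telnetd[812]: connect from 10.0.0.5
Mar  3 01:12:11 box login[813]: FAILED LOGIN 1 FROM 10.0.0.5 FOR root, Authentication failure
Mar  3 01:12:15 box login[813]: FAILED LOGIN 2 FROM 10.0.0.5 FOR root, Authentication failure
Mar  3 01:12:19 box login[813]: FAILED LOGIN 3 FROM 10.0.0.5 FOR root, Authentication failure
Mar  3 01:13:02 box in.telnetd[820]: connect from 192.0.2.7
Mar  3 01:13:06 box login[821]: FAILED LOGIN 1 FROM 192.0.2.7 FOR lord, Authentication failure
Mar  3 01:13:10 box login[821]: LOGIN ON ttyp0 BY lord FROM 192.0.2.7'

# failed_by_ip LOGTEXT
# Prints "count ip" for each address with failed logins, most frequent first.
failed_by_ip() {
    printf '%s\n' "$1" |
    awk '/FAILED LOGIN/ {
             # the address is the field right after the word FROM
             for (i = 1; i <= NF; i++) if ($i == "FROM") ips[$(i + 1)]++
         }
         END { for (ip in ips) print ips[ip], ip }' |
    sort -rn
}

# deny_list LOGTEXT THRESHOLD
# Emits hosts.deny lines for addresses with at least THRESHOLD failures.
deny_list() {
    failed_by_ip "$1" | awk -v t="$2" '$1 >= t { print "in.telnetd: " $2 }'
}

# Stand-alone usage: review the counts, then the lines you would append
# to /etc/hosts.deny for addresses with three or more failures.
failed_by_ip "$LOG_SAMPLE"
deny_list "$LOG_SAMPLE" 3
```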