Solved

telnet problem

Posted on 2004-08-23
11
625 Views
Last Modified: 2013-12-27
hi all
i have a problem with the telnet service on solaris 7, my system installed on ultra 10 machine. when i try to telnet the system from remote system it refuse to accept telnet session in which a connection refused message appears.
its not a network isseu since ping responds positively, also i can telnet from this system to other systems. right ??  
i cant easely restart the system, this needs aprovals.  
i checked /etc/inet/inetd.conf and found the line
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
i tried this
pkill -HUP inetd
put the problem didnt move.
 
have you any idea  plz
0
Comment
Question by:monamiz
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11868024
If you make telnet as root
must have in the file
/etc/default/login

# CONSOLE=/dev/console


You can make
telnet server -l user

user not root

0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11868044
If you have

CONSOLE=/dev/console

for root is error :
login: root
Password:
Not on system console
Connection closed by foreign host.


0
 

Author Comment

by:monamiz
ID: 11868459
hi otetelisanu
the server reject telnet at all, i type telnet serverIP
from any remote station (unix or windows )
the message on windows:
 Could not open connection to the host, on port 23: Connect failed
while on unix remote station the message is:
telnet: Unable to connect to remote host: Connection refused
 
i didnt yet reach the username and password prompt, however i tried to telnet with -l user but refused again.

by the way: i can telnet other systems from this server

any added ideas plzz
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 18

Accepted Solution

by:
liddler earned 60 total points
ID: 11868501
ON the machine itself try:
telnet 0
and see if you get a prompt, if you do, it may be a network / firewall / router acl problem
To get more detailed messages, find the pid of telnetd
and run
truss -faep <pid>
this will give a lot of output, you may need to use the script command to capture this to a file.

Then try telneting in and see if you get more or different messages, if the telnetd doesn't change then the packets aren't getting through.
0
 
LVL 4

Assisted Solution

by:Otetelisanu
Otetelisanu earned 40 total points
ID: 11869364
Hallo ,

you can with lsof see
wath prosess use port 23.

lsof can help you with this: http://wuarchive.wustl.edu/packages/security/lsof/
Example:
% lsof -i :23

[root@pluto:/ ] lsof -i :23
COMMAND PID USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
inetd   165 root    5u  inet 0x300000ff748      0t0  TCP *:telnet (LISTEN)

You can also get lsof from http://www.sunfreeware.com/.
0
 
LVL 20

Expert Comment

by:tfewster
ID: 11874012
Check /etc/services contains a line:
telnet            23/tcp          (and ensure it and the telnetd line in /etc/inet/inetd.conf are commented out)

telnetd isn't started until inetd detects an incoming connection on port 23; At which time inetd starts up the service defined in those files.

> by the way: i can telnet other systems from this server
Just to clarify, even if incoming telnet connections have been disabled on this server, you can still make outgoing connections - You don't need the telnetd daemon for that.
0
 
LVL 18

Expert Comment

by:liddler
ID: 11878246
Another thought,
grep services /etc/nsswitch.conf
and make sure it says file, if it says nis, nisplus or ldap you may not be looking in the right place for the port
0
 

Author Comment

by:monamiz
ID: 11900727
helo all

i think its a differnent objects
my server began to act strangly.. like: when i run ls under /etc this does not show /etc/inet while cd command change the directory there, and /etc/inetd.conf file also is not shown and changed from link to a regular file, this in addition to the telnet problem which had not been exist.
I think some one played with the system or im under attack.

i called the security support.
 but im asking if any one have any idea or similar circumstances ...

thanks        
     
0
 
LVL 1

Expert Comment

by:avrajesh_99
ID: 11919101
Hi Monamiz,

I have couple of Questions.

1. Do you have any ipchains or ipfilters applied on your system for security. If so try to see those, if you could flush them or remove the specific entry and try telnet.
2. R u having the telnet server installed on your system. Check this by looking into /etc/init.d/ directory you should have telnet as a service and if you have the telnet service out there. Open the telnet service and see the service is not disabled, if you have an entry "disable=yes" , then make it to "disable=no" and save the file and restart the telnet daemon.

HTH.

Rajesh
0
 

Expert Comment

by:Lego_Maniac
ID: 11924735
inetd is just a "super daemon" program that launches server daemons on-demand

You may be running into TCP wrappers security.

Check your TCP wrappers files:
/etc/hosts.allow and /etc/hosts.deny

hosts.allow should read:
in.telnetd: LOCAL, <ip address1>, <ip address2...>

<ip address> can be in one of these formats:
single IP address (example 192.168.1.1)
subnet/netmask (example 192.168.1.0/255.255.255.0)

hosts.deny probably reads:
ALL: ALL
This should be okay,  If it has a telnet entry, remove it, or just remove your IP from it.


Another configuration to verify is /etc/services
There must be a line in there for telnet, or else inet daemon won't spawn it.
telnet          23/tcp

Default is for it to be in there, but doesnt hurt to check.

0
 

Author Comment

by:monamiz
ID: 12003971
heloo
- no chains or filters are applyed
- also no tcp wrappers
thanks all
its a different isseu ... an intruder with the root password login to the system and make a soft changes to some files like the binarry of the ls command and other auditing files
i had to restart the system ... but the system hangs many times a few seconds after boot -s command on the ok prompt .. finaly i got access to single user mode and restore the system from a backup .. now its running fine and i applied the latest patches after i change the passwords of all of the users on alll of my systems.
i wanna thank you all for your assistance ..

thanks

 
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unix / Linux grid computing 5 163
Shell script errors 10 141
ACL in Solaris 10 & AIX V6.1 to circumvent application required  grp:rwx 9 116
UNIX SCP 5 83
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded‚Ķ
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question