Solved

telnet problem

Posted on 2004-08-23
11
617 Views
Last Modified: 2013-12-27
hi all
i have a problem with the telnet service on solaris 7, my system installed on ultra 10 machine. when i try to telnet the system from remote system it refuse to accept telnet session in which a connection refused message appears.
its not a network isseu since ping responds positively, also i can telnet from this system to other systems. right ??  
i cant easely restart the system, this needs aprovals.  
i checked /etc/inet/inetd.conf and found the line
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
i tried this
pkill -HUP inetd
put the problem didnt move.
 
have you any idea  plz
0
Comment
Question by:monamiz
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11868024
If you make telnet as root
must have in the file
/etc/default/login

# CONSOLE=/dev/console


You can make
telnet server -l user

user not root

0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11868044
If you have

CONSOLE=/dev/console

for root is error :
login: root
Password:
Not on system console
Connection closed by foreign host.


0
 

Author Comment

by:monamiz
ID: 11868459
hi otetelisanu
the server reject telnet at all, i type telnet serverIP
from any remote station (unix or windows )
the message on windows:
 Could not open connection to the host, on port 23: Connect failed
while on unix remote station the message is:
telnet: Unable to connect to remote host: Connection refused
 
i didnt yet reach the username and password prompt, however i tried to telnet with -l user but refused again.

by the way: i can telnet other systems from this server

any added ideas plzz
0
 
LVL 18

Accepted Solution

by:
liddler earned 60 total points
ID: 11868501
ON the machine itself try:
telnet 0
and see if you get a prompt, if you do, it may be a network / firewall / router acl problem
To get more detailed messages, find the pid of telnetd
and run
truss -faep <pid>
this will give a lot of output, you may need to use the script command to capture this to a file.

Then try telneting in and see if you get more or different messages, if the telnetd doesn't change then the packets aren't getting through.
0
 
LVL 4

Assisted Solution

by:Otetelisanu
Otetelisanu earned 40 total points
ID: 11869364
Hallo ,

you can with lsof see
wath prosess use port 23.

lsof can help you with this: http://wuarchive.wustl.edu/packages/security/lsof/
Example:
% lsof -i :23

[root@pluto:/ ] lsof -i :23
COMMAND PID USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
inetd   165 root    5u  inet 0x300000ff748      0t0  TCP *:telnet (LISTEN)

You can also get lsof from http://www.sunfreeware.com/.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 20

Expert Comment

by:tfewster
ID: 11874012
Check /etc/services contains a line:
telnet            23/tcp          (and ensure it and the telnetd line in /etc/inet/inetd.conf are commented out)

telnetd isn't started until inetd detects an incoming connection on port 23; At which time inetd starts up the service defined in those files.

> by the way: i can telnet other systems from this server
Just to clarify, even if incoming telnet connections have been disabled on this server, you can still make outgoing connections - You don't need the telnetd daemon for that.
0
 
LVL 18

Expert Comment

by:liddler
ID: 11878246
Another thought,
grep services /etc/nsswitch.conf
and make sure it says file, if it says nis, nisplus or ldap you may not be looking in the right place for the port
0
 

Author Comment

by:monamiz
ID: 11900727
helo all

i think its a differnent objects
my server began to act strangly.. like: when i run ls under /etc this does not show /etc/inet while cd command change the directory there, and /etc/inetd.conf file also is not shown and changed from link to a regular file, this in addition to the telnet problem which had not been exist.
I think some one played with the system or im under attack.

i called the security support.
 but im asking if any one have any idea or similar circumstances ...

thanks        
     
0
 
LVL 1

Expert Comment

by:avrajesh_99
ID: 11919101
Hi Monamiz,

I have couple of Questions.

1. Do you have any ipchains or ipfilters applied on your system for security. If so try to see those, if you could flush them or remove the specific entry and try telnet.
2. R u having the telnet server installed on your system. Check this by looking into /etc/init.d/ directory you should have telnet as a service and if you have the telnet service out there. Open the telnet service and see the service is not disabled, if you have an entry "disable=yes" , then make it to "disable=no" and save the file and restart the telnet daemon.

HTH.

Rajesh
0
 

Expert Comment

by:Lego_Maniac
ID: 11924735
inetd is just a "super daemon" program that launches server daemons on-demand

You may be running into TCP wrappers security.

Check your TCP wrappers files:
/etc/hosts.allow and /etc/hosts.deny

hosts.allow should read:
in.telnetd: LOCAL, <ip address1>, <ip address2...>

<ip address> can be in one of these formats:
single IP address (example 192.168.1.1)
subnet/netmask (example 192.168.1.0/255.255.255.0)

hosts.deny probably reads:
ALL: ALL
This should be okay,  If it has a telnet entry, remove it, or just remove your IP from it.


Another configuration to verify is /etc/services
There must be a line in there for telnet, or else inet daemon won't spawn it.
telnet          23/tcp

Default is for it to be in there, but doesnt hurt to check.

0
 

Author Comment

by:monamiz
ID: 12003971
heloo
- no chains or filters are applyed
- also no tcp wrappers
thanks all
its a different isseu ... an intruder with the root password login to the system and make a soft changes to some files like the binarry of the ls command and other auditing files
i had to restart the system ... but the system hangs many times a few seconds after boot -s command on the ok prompt .. finaly i got access to single user mode and restore the system from a backup .. now its running fine and i applied the latest patches after i change the passwords of all of the users on alll of my systems.
i wanna thank you all for your assistance ..

thanks

 
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded‚Ķ
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now