[NEBULA] Disable Telnet
Morning,
I have a GS1920v2 in Nebula, no Pro Pack lic.
Looking at logs we are getting many people trying to hack / telnet into this device.
How do we disable or lock this switch down to reduce hack attempts?
Telnet authentication failure [username: admin, IP address = 77.49.71.98]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 77.49.71.98]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 77.49.71.98]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 77.49.71.98]
2019-07-12 07:33:17 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 77.49.71.98]
2019-07-12 07:33:17 NOTICE authentication AAA
Telnet authentication failure [username: cisco, IP address = 77.49.71.98]
2019-07-12 07:33:18 NOTICE authentication AAA
Telnet authentication failure [username: cisco, IP address = 77.49.71.98]
2019-07-12 07:33:18 NOTICE authentication AAA
Telnet authentication failure [username: cisco, IP address = 77.49.71.98]
2019-07-12 07:33:18 NOTICE authentication AAA
Telnet authentication failure [username: cisco, IP address = 77.49.71.98]
2019-07-12 07:33:19 NOTICE authentication AAA
Telnet authentication failure [username: super, IP address = 77.49.71.98]
2019-07-12 07:33:19 NOTICE authentication AAA
Telnet authentication failure [username: super, IP address = 77.49.71.98]
2019-07-12 07:33:20 NOTICE authentication AAA
Telnet authentication failure [username: super, IP address = 77.49.71.98]
2019-07-12 07:33:20 NOTICE authentication AAA
Telnet authentication failure [username: super, IP address = 77.49.71.98]
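The log excerpt above, summarised per source address, as an added example that is not part of the original post or of any Zyxel tool: it parses lines in the layout shown (a timestamp header line followed by the failure message) and flags sources that fail many times across several usernames. The sample lines are constructed with documentation addresses, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the excerpt in the post;
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not real sources.
SAMPLE_LOG = """\
Telnet authentication failure [username: admin, IP address = 192.0.2.10]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 192.0.2.10]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 192.0.2.10]
2019-07-12 07:33:18 NOTICE authentication AAA
Telnet authentication failure [username: cisco, IP address = 192.0.2.10]
2019-07-12 07:33:19 NOTICE authentication AAA
Telnet authentication failure [username: super, IP address = 192.0.2.10]
2019-07-12 08:01:02 NOTICE authentication AAA
Telnet authentication failure [username: admin, IP address = 198.51.100.7]
"""

FAIL_RE = re.compile(
    r"Telnet authentication failure \[username: (?P<user>[^,\]]+), "
    r"IP address = (?P<ip>[0-9.]+)\]")
STAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) NOTICE authentication AAA")

def summarize(log_text):
    """Per source IP: failure count, usernames tried, first/last timestamp seen."""
    stats = defaultdict(
        lambda: {"attempts": 0, "users": set(), "first": None, "last": None})
    stamp = None
    for line in log_text.splitlines():
        m = STAMP_RE.match(line.strip())
        if m:                      # header line: remember it for the next message
            stamp = m.group(1)
            continue
        m = FAIL_RE.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["attempts"] += 1
        s["users"].add(m["user"])
        if stamp:                  # a message may lack a header (truncated excerpt)
            s["first"] = s["first"] or stamp
            s["last"] = stamp
        stamp = None
    return dict(stats)

def flag_sources(stats, min_attempts=5, min_users=3):
    """Assumed thresholds: many failures spread over several usernames."""
    return sorted(ip for ip, s in stats.items()
                  if s["attempts"] >= min_attempts and len(s["users"]) >= min_users)
```

Running the same summary on logs collected after a port 23 filter is in place is a quick way to confirm that outside addresses no longer reach the Telnet login.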
All Replies
-
I think you may try to configure IP filtering on your Switch.
Destination is your Switch IP address.
Dst port is 23. (Because Telnet is using TCP port 23)
-
Just wondering why do you have your switch IP accessible from internet?
"You will never walk along"
-
Thanks for @TomorrowOcean 's information.
Hi @dpssupport ,
Does the solution work for you?
Keep us posted if there is any other concern.
Thanks.
Jason
-
For some networks we require a switched backbone with various controls; thought we would try Nebula for management, however maybe that is not correct, because we cannot work out how to lock this down to only my public IP range.
-
Sort of; we have had to deny the following but are still not sure it's the right solution.
deny 21,23,22,80 FROM ANY, have I missed any?
Do you have an easier method?
-
Hi @dpssupport ,
If you want to block the traffic of FTP, Telnet, SSH and HTTP to your Switch, yes, you may configure like that.
Hope it helps.
Jason
-
Sorry I still don't get it. When you manage your devices through Nebula, the switches and APs don't need to be accessible from internet, unless you have specific requirements in your network. BTW, if you still need to make a device accessible from internet, the NSG - Virtual server settings have an 'Allowed remote IP' option to lock down the access to your public IP only.
Cheers!
"You will never walk along"
-
Yes, I have specific reasons for some networks to manually set these up with a Static Public Facing IP Address, hence wanting to lock it down.
FYI the reason is we are subletting a number of offices and these offices are provided a single port on the backbone switch with a public IP address. Hope that clears it up. Unfiltered service.
We do not use the NSG units.
-
Got it, thanks for sharing 🙂
"You will never walk along"