[NEBULA] Disable Telnet

dpssupport
dpssupport Posts: 7
edited April 2021 in Nebula

Morning,

I have a GS1920v2 in Nebula, no Pro Pack license.


Looking at the logs, we are getting many people trying to hack / telnet into this device.

How do we disable or lock this switch down to reduce hack attempts?


Telnet authentication failure [username: admin, IP address = 77.49.71.98]

2019-07-12 07:33:16 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:16 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:16 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:17 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:17 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:18 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:18 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:18 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:19 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]

2019-07-12 07:33:19 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]

2019-07-12 07:33:20 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]

2019-07-12 07:33:20 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]
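
The failure messages quoted in the post above can be summarized per source address to show who is guessing logins and whether the source is on the public internet. This is an added example, not part of the original post or any Zyxel tool; it assumes the log was exported as plain text, and the function names, the `min_usernames` threshold and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Message format as it appears in the switch log quoted in the post.
FAILURE_RE = re.compile(
    r"Telnet authentication failure \[username: (?P<user>[^,\]]*), "
    r"IP address = (?P<ip>[^\]\s]+)\]"
)

# The first seven lines are copied from the post; the last two are constructed.
SAMPLE_LOG = """\
Telnet authentication failure [username: admin, IP address = 77.49.71.98]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 77.49.71.98]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: cisco, IP address = 77.49.71.98]
2019-07-12 07:33:18 NOTICE authentication AAA
Telnet authentication failure [username: super, IP address = 77.49.71.98]
Telnet authentication failure [username: admin, IP address = 192.168.1.50]
Telnet authentication failure [username: admin, IP address = not-an-ip]
"""


def summarize_failures(log_text):
    """Group Telnet login failures by source address."""
    by_source = defaultdict(lambda: {"attempts": 0, "usernames": set()})
    for line in log_text.splitlines():
        match = FAILURE_RE.search(line)
        if not match:
            continue  # timestamp lines and unrelated events
        try:
            source = ipaddress.ip_address(match["ip"])
        except ValueError:
            continue  # malformed address field: skip rather than guess
        entry = by_source[source]
        entry["attempts"] += 1
        entry["usernames"].add(match["user"].strip())
    return dict(by_source)


def internet_guessing_sources(log_text, min_usernames=3):
    """Return public source IPs that tried several different usernames."""
    flagged = []
    for source, entry in summarize_failures(log_text).items():
        if source.is_global and len(entry["usernames"]) >= min_usernames:
            flagged.append((str(source), entry["attempts"], sorted(entry["usernames"])))
    return sorted(flagged)
```

A public source cycling through several default-style usernames, as in the quoted log, means the management port is reachable from the internet, which is the exposure the replies go on to address.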

All Replies

  • TomorrowOcean
    TomorrowOcean Posts: 59

    @dpssupport

    I think you may try to configure IP filtering on your Switch.

    Destination is your Switch IP address.

    Dst port is 23. (Because Telnet is using TCP port 23)

  • RUnglaube
    RUnglaube Posts: 135

    Just wondering, why do you have your switch IP accessible from the internet?

    "You will never walk along"
  • Zyxel_Jason
    Zyxel_Jason Posts: 387

    Thanks for @TomorrowOcean's information.


    Hi @dpssupport ,

    Does the solution work for you?

    Keep us posted if there is any other concern.

    Thanks.


    Jason
  • dpssupport
    dpssupport Posts: 7

    For some networks we require a switched backbone with various controls. We thought we would try Nebula for management, however maybe that is not correct, because we cannot work out how to lock this down to only my public IP range.

  • dpssupport
    dpssupport Posts: 7


    Sort of. We have had to deny the following, but we are still not sure it's the right solution.

    deny 21,23,22,80 FROM ANY. Have I missed any?

    Do you have an easier method?

  • Zyxel_Jason
    Zyxel_Jason Posts: 387

    Hi @dpssupport ,

    If you want to block FTP, Telnet, SSH and HTTP traffic to your Switch, yes, you may configure it like that.

    Hope it helps.


    Jason
  • RUnglaube
    RUnglaube Posts: 135
    edited July 2019

    Sorry, I still don't get it. When you manage your devices through Nebula, the switches and APs don't need to be accessible from the internet, unless you have specific requirements in your network. BTW, if you still need to make a device accessible from the internet, the NSG - Virtual server settings have an 'Allowed remote IP' option to lock down the access to your public IP only.

    Cheers!

    "You will never walk along"
  • dpssupport
    dpssupport Posts: 7

    Yes, I have specific reasons for some networks to manually set these up with a static public-facing IP address, hence wanting to lock it down.

    FYI, the reason is that we are subletting a number of offices, and these offices are provided a single port on the backbone switch with a public IP address. Hope that clears it up. Unfiltered service.

    We do not use the NSG units.

  • RUnglaube
    RUnglaube Posts: 135

    Got it, thanks for sharing 🙂

    "You will never walk along"
