[NEBULA] Disable Telnet

dpssupport
edited April 2021 in Nebula

Morning,

I have a GS1920v2 in Nebula, no Pro Pack license.

Looking at the logs, we are getting many people trying to hack / telnet into this device.

How do we disable or lock this switch down to reduce hack attempts?


Telnet authentication failure [username: admin, IP address = 77.49.71.98]

2019-07-12 07:33:16 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:16 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:16 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:17 NOTICE authentication AAA

Telnet authentication failure [username: service, IP address = 77.49.71.98]

2019-07-12 07:33:17 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:18 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:18 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:18 NOTICE authentication AAA

Telnet authentication failure [username: cisco, IP address = 77.49.71.98]

2019-07-12 07:33:19 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]

2019-07-12 07:33:19 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]

2019-07-12 07:33:20 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]

2019-07-12 07:33:20 NOTICE authentication AAA

Telnet authentication failure [username: super, IP address = 77.49.71.98]
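
A way to summarise failures like the ones in the excerpt above by source address and attempted usernames. This is an added example, not part of the original post and not Zyxel code; the function name, thresholds and sample addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Layout taken from the excerpt; other services in this layout (an assumption) also match.
FAILURE = re.compile(
    r"(?P<service>\w+) authentication failure "
    r"\[username: (?P<user>[^,\]]+), IP address = (?P<ip>[0-9A-Fa-f.:]+)\]"
)

def summarize_failures(lines, min_attempts=5, min_usernames=3):
    """Group failed logins by source IP; flag sources cycling through usernames."""
    stats = defaultdict(lambda: {"attempts": 0, "usernames": set(), "services": set()})
    for line in lines:
        m = FAILURE.search(line)
        if not m:
            continue  # timestamp/severity rows and unrelated events
        s = stats[m["ip"]]
        s["attempts"] += 1
        s["usernames"].add(m["user"].strip())
        s["services"].add(m["service"])
    return {
        ip: {
            "attempts": s["attempts"],
            "usernames": sorted(s["usernames"]),
            "services": sorted(s["services"]),
            # Thresholds are hypothetical defaults; tune them to your own log volume.
            "guessing": s["attempts"] >= min_attempts and len(s["usernames"]) >= min_usernames,
        }
        for ip, s in stats.items()
    }

# Constructed sample in the same layout as the excerpt (documentation-range IPs).
SAMPLE_LOG = """\
Telnet authentication failure [username: admin, IP address = 203.0.113.45]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 203.0.113.45]
2019-07-12 07:33:16 NOTICE authentication AAA
Telnet authentication failure [username: service, IP address = 203.0.113.45]
2019-07-12 07:33:17 NOTICE authentication AAA
Telnet authentication failure [username: cisco, IP address = 203.0.113.45]
2019-07-12 07:33:18 NOTICE authentication AAA
Telnet authentication failure [username: super, IP address = 203.0.113.45]
2019-07-12 07:33:19 NOTICE authentication AAA
Telnet authentication failure [username: admin, IP address = 198.51.100.7]
""".splitlines()

if __name__ == "__main__":
    for ip, row in summarize_failures(SAMPLE_LOG).items():
        print(ip, row)
```

Running the same summary over logs collected after a filter on TCP port 23 is in place is a quick check that Telnet failures have stopped appearing.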

All Replies

  • TomorrowOcean

    @dpssupport

    I think you may try to configure IP filtering on your Switch.

    Destination is your Switch IP address.

    Dst port is 23. (Because Telnet is using TCP port 23)

  • RUnglaube

    Just wondering, why do you have your switch IP accessible from the internet?

    "You will never walk along"
  • Zyxel_Jason

    Thanks for @TomorrowOcean 's information.


    Hi @dpssupport ,

    Does the solution work for you?

    Keep us posted if there is any other concern.

    Thanks.

    Jason
  • dpssupport

    For some networks we require a switched backbone with various controls. We thought we would try Nebula for management; however, maybe that is not correct, because we cannot work out how to lock this down to only my public IP range.

  • dpssupport


    Sort of; we have had to deny the following, but we are still not sure it's the right solution.

    deny 21,23,22,80 FROM ANY. Have I missed any?

    Do you have an easier method?

  • Zyxel_Jason

    Hi @dpssupport ,

    If you want to block FTP, Telnet, SSH and HTTP traffic to your Switch, yes, you may configure it like that.

    Hope it helps.

    Jason
  • RUnglaube
    edited July 2019

    Sorry, I still don't get it. When you manage your devices through Nebula, the switches and APs don't need to be accessible from the internet, unless you have specific requirements in your network. BTW, if you still need to make a device accessible from the internet, the NSG - Virtual server settings have an 'Allowed remote IP' option to lock down the access to your public IP only.

    Cheers!

    "You will never walk along"
  • dpssupport

    Yes, I have specific reasons for some networks to manually set these up with a static public-facing IP address, hence wanting to lock it down.

    FYI, the reason is we are subletting a number of offices, and these offices are provided a single port on the backbone switch with a public IP address. Hope that clears it up. Unfiltered service.

    We do not use the NSG units.

  • RUnglaube

    Got it, thanks for sharing 🙂

    "You will never walk along"
