Port 23 open, and internal IP visible?

Discussion in 'other firewalls' started by nice-guy, Jun 15, 2005.

Thread Status:
Not open for further replies.
  1. nice-guy

    nice-guy Guest

    I'm currently running Jetico on my machine, and when I do a port scan from a security website it alerts me that port 23 is open, and that my internal IP is visible to websites. What do I do to fix this? Do I need to get another firewall?
    I am aware that I use telnet on port 23 to connect to my router when I need to open a port etc. If I delete the telnet port from my open ports configuration in my router I can't connect to it, only through HyperTerminal which is a difficult process for me, since my computer doesn't have the port that's needed (physically). My question is, how do I stealth port 23 and my internal IP?

    Thanks
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The web site will just be using a script which runs locally in your browser to display your internal IP.
    Does it have an option to disable remote administration and still permit local connections? You do not want to be exposing this to the Internet.

    HyperTerminal can be used with physical connections (com port) for your telnet connection, or via TCP/IP (see image below).

    We will probably need some more details on the router configuration options to stealth port 23. The internal IP is a browser issue, it is not visible to the Internet.

    Regards,

    CrazyM
     


  3. nice-guy

    nice-guy Guest

    Thanks for your reply.
    My router is a Cisco 677 and configuration manuals can be found on the inet. Can you tell me how to Stealth port 23? Actually, I have deleted port 23 on 10.0.0.2 in my NAT configuration now, but it is STILL open. Any ideas?
    I asked my ISP to send me a cable to configure my router another way than Telnet, and they have sent me a blue cable which doesn't fit in my computer anywhere. Only on my mother's computer! I don't have the port needed on my motherboard. It is an IC7-MAX3.
    I can still log in via telnet, even though I deleted port 23.
     
  4. CrazyM

    CrazyM Firewall Expert

    Are you sure on the model?

    Check your inbound access list for the outside interface, is there a permit statement there for telnet? If so, you will need to remove it.

    Not too sure what you mean here.

    If it is a console cable they sent you, it requires a COM port.

    When you connect to the router from a LAN system that will be via the inside interface. Unless you have an access list that restricts this (default is usually no access list on this interface) then you will likely be able to connect. Restricting access locally can be done via the "line" command and access list to define which local systems are permitted. Do you see something like "line vty 0 4" followed by "access-class xx in" in your configuration?

    Regards,

    CrazyM
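
The two checks from the reply above (a telnet permit in the inbound access list on the outside interface, and an `access-class` on the `line vty` block), written as an added example that is not part of the thread or any poster's code. It assumes IOS-style syntax as quoted in the reply; the sample configuration, the interface name `Dialer0` and the helper `audit_telnet` are constructed for illustration, and the thread does not confirm that the poster's router uses this syntax.

```python
import re

# Constructed IOS-style configuration for illustration (not the poster's router).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
!
interface Dialer0
 ip access-group 101 in
!
access-list 10 permit 10.0.0.2
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any established
!
line vty 0 4
 login
"""

def audit_telnet(config, outside_if):
    """List telnet-exposure findings for an IOS-style config (hypothetical helper)."""
    findings, section, outside_acl, vty = [], "", None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # unindented line opens a new section
            section = line
            if line.startswith("line vty"):
                vty[section] = None            # no access-class seen yet
            continue
        m = re.match(r"ip access-group (\S+) in$", line)
        if m and section == f"interface {outside_if}":
            outside_acl = m.group(1)
        m = re.match(r"access-class (\S+) in$", line)
        if m and section in vty:
            vty[section] = m.group(1)
    if outside_acl is None:
        findings.append(f"no inbound access list on {outside_if}")
    else:
        permit = re.compile(
            rf"access-list {re.escape(outside_acl)} permit tcp .*\beq (telnet|23)\b")
        findings += [f"outside ACL permits telnet: {l.strip()}"
                     for l in config.splitlines() if permit.match(l.strip())]
    findings += [f"{name} has no access-class"
                 for name, acl in vty.items() if acl is None]
    return findings

if __name__ == "__main__":
    for finding in audit_telnet(SAMPLE_CONFIG, "Dialer0"):
        print(finding)
```

An empty result means the outside list has no telnet permit and every vty block names an access list; it does not check what that access list contains.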
     