TELNET port probe
advICE :Intrusions : 2003006

Summary

The attacker is scanning your system to see if it runs the "Telnet" service. This program is enabled on most UNIX systems, but on virtually no Windows systems. Therefore, Windows users probably have nothing to fear from such probes.

Details

Telnet is a service that allows one machine to access a command prompt (similar to a DOS prompt) on a remote machine.

While Windows comes with a Telnet "client" that allows them to log into UNIX machines this way, they do not have a built in "service". This means that hackers cannot obtain a DOS prompt on a Windows machine unless special software has been installed.

However, virtually all UNIX machines have this service installed and running. Furthermore, there are many exploits that would allow a hacker to break in even without a valid username or password.

What the hacker is looking for

The hacker is almost certainly scanning millions of machines doing a "banner-check". UNIX machines are probably secure from login, but other machines like routers and dial-up servers often use Telnet for remote management. The hacker may be looking for dialup servers so he/she can do mischeivious things like hanging up people.

False positives You may get a false positive if you try to Telnet out to a machine that is not available, in which case your machine is marked as the intruder.

parametric information port This indicates the TCP port that was probed. reason The reason for the port probe. Firewalled: the incoming TCP SYN or UDP frame was stopped by the firewall. RSTsent: the incoming TCP SYN frame was rejected by the computer. ICMPsent: the incoming UDP frame was rejected by the computer. NOanswer: there was no response to the incoming SYN frame.

 
Version appeared: 2.5