Friday, January 28, 2011

Telnet attacks on the rise? Protect yourself on Solaris!

I just read, thanks to Steve Green's "Security News", that Akamai just released a report that said attacks against the telnet port (23) are on the rise.  While this may seem strange at first, it is completely understandable - we're all so used to using SSH (Secure Shell) or Kerberos for secure shell access that many of us may have forgotten about older machines or even newer machines that may still have the telnet service running.

Remember that in Oracle Solaris 11 Express 2010.11 and the OpenSolaris releases, the telnet service is turned off by default, thanks to the Secure by Default project:

ryoga $ svcs telnet
disabled       Jan_24   svc:/network/telnet:default

If you find your service has been re-enabled, well, you'd better review your audit logs and see who did that, and quickly disable it again:

ryoga $ svcadm disable svc:/network/telnet:default
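The check and the disable step above can be scripted for routine sweeps. The following is an added example, not part of the original post: the function names and sample lines are constructed for illustration, and it assumes input in the format printed by `svcs -H -o state,fmri`.

```shell
#!/bin/sh
# Added example: flag telnet SMF instances that are not disabled.
# Input format assumed: one "STATE FMRI" pair per line, as printed by
# `svcs -H -o state,fmri`.

# Constructed sample input (not captured from a real host).
SAMPLE_OK='disabled svc:/network/telnet:default
online svc:/network/ssh:default'
SAMPLE_BAD='online* svc:/network/telnet:default
online svc:/network/ssh:default'

# Prints "STATE FMRI" for every telnet instance whose state is not "disabled".
# Exit status: 0 = every listed telnet instance is disabled (or none listed),
#              1 = at least one telnet instance is in another state.
telnet_not_disabled() {
    awk '
        $2 ~ /^svc:\/network\/telnet:/ {
            state = $1
            sub(/\*$/, "", state)   # svcs appends "*" while an instance is in transition
            if (state != "disabled") { print state, $2; found = 1 }
        }
        END { exit found ? 1 : 0 }
    '
}

# For use on a Solaris host: read live SMF state and disable any offender.
audit_host() {
    svcs -H -o state,fmri | telnet_not_disabled | while read -r state fmri; do
        echo "telnet instance $fmri is $state; disabling" >&2
        svcadm disable "$fmri"
    done
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_OK"  | telnet_not_disabled && echo "sample 1: telnet disabled"
printf '%s\n' "$SAMPLE_BAD" | telnet_not_disabled || echo "sample 2: telnet needs attention"
```

An instance in the maintenance state is also reported, since it is enabled but failed to start; any finding is still a reason to check the audit logs for who changed the service.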

Since Solaris 10 Update 3 shipped, there has been a Secure by Default option at install time, and you can also set up that profile after you've installed. Check out the netservices(1M) command.