Record Comments posted by donjon56

  1. 23 hours ago, Diaboliko said:

    Well, I kinda feel like nothing can be done on this topic. Best thing devs can do is to check that everything you could possibly want is being logged properly in logs and pay some red team to scan & test for known vulnerabilities. That's a bit too much for non-competitive game servers, don't you think?

     

    Firewalling/reverse-proxying is probably the best option you've got to keep it safe.

    Agreed, other than implementing TLS or SSL...

     

    That falls more under host/IT for reverse proxy or VPN tunnel

  2. 56 minutes ago, Diaboliko said:

    I wonder what you view as suspicious in those logs?

    Logs show nothing but two instant telnet sessions and two long ones; logs do not suggest that anything at all was written into the socket during those long sessions. It could be just the log level though. If logs are indeed scarce then without traffic dumps no one would be able to tell what happened, would they?

     

    That said, no idea what is expected in server logs from telnet session. And 4 telnet sessions from same IP at about the same time is odd... :)

    This was 6+ months ago. What is suspicious is that I had a 16+ character random password that was not shared with anyone, nor had I actually connected to it yet.

     

    Within 5 days there was an open connection on it. Granted, there was no record of any activity other than holding open the connection. 

     

    If brute forced, that seemed oddly quick, plus there were not any login failures in the logs.

     

    This occurred three times with different passwords. I disabled it after that.

    It was not from the same IP range.

    While nothing came of these connections, given a large number of open telnet sessions, a coordinated attack could be staged against the hosting company.

  3. At the moment I was not using any modifications or tools.

     

    I was just testing the features with telnet and web console.

     

    Since Server Blend did not have any reverse proxy or tunnels for securing it, I was not planning to have it on long term.

     

    Server was set for Public with a different Password for users to join.

    Telnet and Web Console had different 16 char fully randomized passwords.
