0

I've seen open a new window with a client telnet sesion at login this morning at SBS 2011 server. The window displayed some random chars (non alphanumerics) a few seconds and gone. The server is fully updated and doesn't have any script at logon. Typical default services are on: Exchange, IIS, etc, but no more. The server is behind a router, and have NAT only on the necessary few ports.

I manage other two Windows 2008 R2 VPS and I've seen this before on these.

Aparently nothing happened to the servers. But I'm worried about this.

What do you recommend me, please?

ju4nj3
  • 3
  • 1
  • The telnet service (and indeed the telnet client, IIRC) are not part of a standard windows 2008r2 install. Have they been added, and if so check why they were added and by whom? It's not that uncommon to use the telnet *client* to diagnose issues on an email server, but I wouldn't expect to see the telnet server there, and in either case if no one out of the 'allowed' admins knows what they're doing there then it's time to worry. – Rob Moir Jul 15 '13 at 08:29
  • Hi RobM, it was added by me. And yes, to check connectivity with mail servers. Bad habit. I removed it. The question is what is causing this, a non discovered bug on IIS?. I suspect that is on IIS the issue because it's the common service that I have in all those servers. – ju4nj3 Jul 15 '13 at 09:34
  • RobM, I have to clear that only it was telnet client, not server installed. – ju4nj3 Jul 15 '13 at 11:46

1 Answers1

1

You're right to be worried, disable Telnet and any accounts you think that may have been used, change all admin-level account passwords, oh and firewall off telnet too.

Chopper3
  • 101,299
  • 9
  • 108
  • 239