Preventing Telnet access

 

If you do not want anyone to use Telnet to access your system, you should prevent the Telnet server from running. To prevent Telnet access to your system, complete the tasks in this topic.

 

Preventing Telnet from starting automatically

To prevent Telnet server jobs from starting automatically when you start TCP/IP, follow these steps:

  1. In iSeries™ Navigator, expand your system > Network > Servers > TCP/IP.

  2. Right-click Telnet and select Properties.

  3. Clear Start when TCP/IP starts.

 

Preventing access to Telnet ports

To prevent Telnet from starting and to prevent someone from associating a user application, such as a socket application, with the port that the system normally uses for Telnet, follow these steps:

  1. In iSeries Navigator, click your system > Network > Servers > TCP/IP.

  2. Right-click TCP/IP Configuration and select Properties.

  3. In the TCP/IP Configuration Properties window, click the Port Restrictions tab.

  4. On the Port Restrictions page, click Add.

  5. On the Add Port Restriction page, specify the following values:

    • User name: Specify a user profile name that is protected on your system. (A protected user profile is a user profile that does not own programs that adopt authority and does not have a password that is known by other users.) By restricting the port to a specific user, you automatically exclude all other users.

    • Starting port: 23 (for non-SSL TELNET) or 992 (for SSL TELNET)

    • Ending port: 23 (for non-SSL TELNET) or 992 (for SSL TELNET)

    • Protocol: TCP

    These port numbers are defined in the service table, which you can view with the Work with Service Table Entries (WRKSRVTBLE) command, under the service names Telnet and Telnet-ssl. They might be mapped to ports other than 23 and 992. Repeat this process for each port that you want to restrict. The Internet Assigned Numbers Authority (IANA) provides information about common port number assignments.

  6. Click OK to add the restriction.

  7. On the Port Restrictions page, click Add and repeat the procedure, this time specifying UDP (User Datagram Protocol) as the protocol.

  8. Click OK to save your port restrictions and to close the TCP/IP Configuration Properties window.

  9. The port restriction takes effect the next time that you start TCP/IP. If TCP/IP is active when you set the port restrictions, you should end TCP/IP and start it again.
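One way to confirm the result after TCP/IP has been restarted, as an added example that is not part of the original IBM topic: the Python script below, run from another machine, reports whether anything still accepts TCP connections on the Telnet ports and whether the listener opens with Telnet option negotiation or is some other socket application. The function names and state labels are assumptions of this example; ports 23 and 992 are the defaults named above.

```python
import socket
import sys

IAC = 0xFF  # Telnet "Interpret As Command" byte that starts option negotiation

# Defaults from this topic; change them if the service table maps
# Telnet / Telnet-ssl to other ports.
TELNET_PORTS = {"telnet": 23, "telnet-ssl": 992}


def probe_port(host, port, timeout=2.0):
    """Return 'closed', 'open-telnet' or 'open-other' for one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, unreachable or timed out: nothing is accepting connections.
        return "closed"
    with sock:
        try:
            first = sock.recv(1)
        except OSError:  # includes a read timeout
            first = b""
    # A plain Telnet server speaks first and starts with IAC. An SSL Telnet
    # server waits for the TLS handshake, so it shows up as 'open-other',
    # as does any user socket application bound to the port.
    if first and first[0] == IAC:
        return "open-telnet"
    return "open-other"


def audit(host, ports=None, timeout=2.0):
    """Probe each service port and return {service: (port, state)}."""
    ports = ports or TELNET_PORTS
    return {name: (port, probe_port(host, port, timeout))
            for name, port in ports.items()}


def still_exposed(results):
    """Names of services whose port still accepts connections."""
    return sorted(n for n, (_, state) in results.items() if state != "closed")


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit(target)
    for name, (port, state) in results.items():
        print(f"{name:<11} tcp/{port:<5} {state}")
    sys.exit(1 if still_exposed(results) else 0)
```

The script checks TCP only; the UDP restriction added in step 7 is not probed.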

 
