NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Netgear Prosafe FVS336Gv3 Leaving Telnet port 23 open
I am running a PCI Compliance vulnerability check on my network, and I am being flagged for having port 23 Telnet open. I have read that this is closed by default so I'm not sure why it is appearing. I have created inbound and outbound rules to always block Telnet. Just as a fail-safe, I created a custom service choosing port 23, as well as the built in service for Telnet on the router. I also have turned off remote management via Telnet on the router. Port scanners and the PCI Scanner are showing I still have it open. What else can I do?
14 Replies
If the PCI scan is reporting telnet listening on the LOCAL LAN interface..... nothing you can do. None of the FVS devices allow you to completely disable telnet on the LAN, only on WAN. (it is honestly insane that I am even using the word "telnet" right now, in 2017..... SSH has been around for over 20 years......)
Thanks for the response! This is the exact response I got from the PCI Scanner:
For additional information please scroll down. We have denied this dispute based upon manual investigation of this finding. Manual investigation appears to show plaintext logins are possible on this system:
$ telnet 50.xxx.xxx.221 23
Trying 50.xxx.xxx.221...
Connected to 50.xxx.xxx.221.
Escape character is '^]'.(none) login: Anonymous
Password:But you were running the scanner on a computer behind the router, correct? Connected to the LAN ports...
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
