Can I completely shutdown telnet service, if device is vulnerable?

JacobMisirian / DblTekGoIPPwn

Tool to check if an IP of a DblTek GoIP is vulnerable to a challenge-response login system, send SMS messages from the system, execute remote commands botnet style, and generate responses to challenges.

GNU General Public License v3.0

60 stars 26 forks source link

Can I completely shutdown telnet service, if device is vulnerable? #1

Open Areso opened 6 years ago

Areso commented 6 years ago

Sadly, there are no hints about telnet service settings in user's manual (except options for Port Transparency/DMZ, which is not about the subject).

JacobMisirian commented 6 years ago

I do not believe you can fully turn off the service, although I am not an expert in operating these devices. However, closing down the port using iptables (or NAT on your router) is definitely an option. Better yet, update to the latest firmware. Even though DblTek has not put out a firmware that completely removes this backdoor nonsense, the latest one's challenge response is complex enough that someone like me is too lazy to reverse engineer it.