topic Non-RFC Compliant Telnet Traffic on Port 23 in Advanced Threat Prevention Discussions

Non-RFC Compliant Telnet Traffic on Port 23

agilessk — Thu, 01 Apr 2021 05:51:00 GMT

Can someone explain about the threat name/vulnerability Non-RFC compliant Telnet traffic on Port 23?

Re: Non-RFC Compliant Telnet Traffic on Port 23

OtakarKlier — Thu, 01 Apr 2021 21:07:17 GMT

Hello,

So to start telnet uses port 23. What the message is saying is that it see's the packets but it doesnt conform to the RFC, i.e. the packet doesnt look like its supposed to. Could be that the application sending the traffic is not forming the packets correctly, or another application other than telnet is using that port.

Hope that helps.

Re: Non-RFC Compliant Telnet Traffic on Port 23

agilessk — Sun, 04 Apr 2021 07:50:15 GMT

Thanks for the response. how to investigate that the application sending the traffic is not forming the packets correctly or non-rfc compliant? any examples or references. Thanks again.

Re: Non-RFC Compliant Telnet Traffic on Port 23

reaper — Sun, 04 Apr 2021 09:09:57 GMT

You can enable advanced packetcapture on the threat profile

That will allow you to verify what the firewall is receiving