another option - the way we do it...
Run WUG on a Win2K server and install Terminal Services in
remote admin mode. Then you can access it remotely (though not through the
web interface) and you can do whatever you need to do (well beyond
telnet..)
You can set up terminal services for a non-standard port
(other than 3389) and you have windows 2000 security working for you.
(just keep the security updates current.)
>>> [EMAIL PROTECTED] 11/13/02 03:00PM >>>
I
agree with Jay, there are some big security questions you need to ask your
self. However there are even bigger technical questions. There is a
big difference between ping and telnet. Ping is non interactive. WUG
runs a command and shows the output via the web page. That is easy to
do. It could do that with telnet, but what good would it do if you can't
interact with it.
What
you are really looking for is a telnet proxy. I know that there are some
out there. You could install a proxy server on your WUG server and set a
incoming port to the proxy server to then connect to a port on what ever server
you wanted to connect to. The proxy server would need to be able to
support telnet. You would telnet from your PC to the WUG server,
on the port you assign (telnet://WUG:64907) then the proxy server would
know (because you configured it) that port 64907 would redirect to
securenetworkdevice:23. Because each server would need to be assigned a
separate port on the proxy server, you would have to create a link to the notes
field for each device.
So
there is a way to do it. I would not suggest it for admin headache and
security reasons, but that is your chose not mine.
Good
luck if you decide to do it.
Jeff Cook
IT
Technician
Whatcom Educational Credit
Union
[EMAIL PROTECTED]
-----Original Message-----Let's put on our security caps and think about this one for a moment.
From: Jay Drew [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 13, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [WhatsUp Forum] Adding Telnet to the web interface
1. The intent of some of the target telnet hosts may be to limit who gets in by IP address.
2. The WUG machine would be a member of that Access Control List
3. I WEB into the WUG machine from a machine outside of that ACL list, telnet to the target machine and have bypassed the "purpose" of the ACL.
4. Bypassing the ACL may be acceptable if you do via a strong host. I don't believe WUG provides that.
A. You web into WUG with a password in the clear because WUG is not using HTTPS.
B Someone snoops the traffic, gets your WUG password AND the login/password for the telnet session. The ACL just became useless.
I fully agree with the intent, but I believe the implementation will provide a security hole that I would find unacceptable.
And by the way, at least in rev 5 of WUG (I haven't looked at rev 7) the account file for WUG users could be viewed with an ascii viewer and you could pick out
username and passwords. Another warm-fuzzy to think about.
Jay
At 09:17 AM 11/13/2002 -0500, you wrote:
There must be a way to telnet from the whatsup server...when you run the ping command from the web interface, it pings from the whatsup server.
- -----Original Message-----
- From: Jason M. Black [mailto:[EMAIL PROTECTED]]
- Sent: Tuesday, November 12, 2002 2:36 PM
- To: '[EMAIL PROTECTED]'
- Subject: RE: [WhatsUp Forum] Adding Telnet to the web interface
- I saw the one on the IPSwitch page. I did not like how it looked and that is why I modified the two files I zipped and sent along.
- As for telneting from the Whatsup server, I do not think it is possible. I tried that a while back.
- __________________________________________________________________
- I think the files I sent are still being sent through the IPSwitch server.
- -----Original Message-----
- From: Jason Humes [mailto:[EMAIL PROTECTED]]
- Sent: Tuesday, November 12, 2002 1:58 PM
- To: '[EMAIL PROTECTED]'
- Subject: [WhatsUp Forum] Adding Telnet to the web interface
- I found an article relating to adding the telnet function to the web interface and I tried it out...involved editing the tools.asp file. It runs the telnet program fine...but the actual connection is originating from the machine that I'm using to view the web...not the actual whatsup server. The device I'm trying to telnet to is not accessible to my local machine, but obviously it is via the whatsup machine. Is there anyway to enable telnet from the web interface, originating from the whatsup servers nic, not that of my local machine. Thanks for the input.
- Jason D. Humes
- Applied Computer Solutions
- 3020 St. Etienne Blvd.
- Windsor, Ont.
- Phone : (519) 944-4300
- Fax : (519) 944-4247
- Email : [EMAIL PROTECTED]
