Specifications
©
2002, David K. Z. Harris
12
Pg. 12
© 2002
David K. Z. Harris
Terminal Server Magic
Ø Reverse TCP (Reverse Telnet)
² Basic functionality these days
Ø Workstation telnet to TS
address:port
Ø Vendor-specific port formulae
² Port ranges are well known…
Ø Vendor-specific features
² Not consistent from vendor to vendor
Ø Hackers will look for these!
Originally, modems or ‘dumb terminals’ were connected to terminal servers,
and users would telnet from the terminal server to other points around the
network. Today, most terminal servers allow you to open a socket-based
connection to the IP address of the terminal server, but at a high TCP port
number, to connect to a particular serial port. (This was known as Reverse-
Telnet, because it was the reverse direction to the normal direction of attached
terminals using telnet to reach hosts and servers around the network.)
Some vendors allow only 7-bit sessions, while others provide the option for
full 8-bit sessions, and even “non-escapable” sessions (where the attached
device needs to drop the DCD or hardware handshake lead to disconnect your
session).
The list below tells you the formulae to determine the TCP port number for
two of the more popular terminal servers (where ‘n’ is the line (serial port)
number you wish to connect).
Cisco: 2000 + n (7-bit), 4000 + n (8-bit)
iTouch/MRV/Xyplex: 2000 + (100 * n)
IOLAN: 10000 + n
Hackers know to port-scan for these, so hide them well!