DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Telnet "admin connecting from ... rejected"

05 Nov 2016 15:02 #1 by pol098
I very often connect to a 2820Vn via telnet, usually via a script that wakes up a connected computer. Whether by typing from a Windows command line or a script, I quite often get the message "system administrator is connecting from 69.53.7.222 [or any other address] reject the connection request !!!". The address is nothing to do with me, and varies widely on different occasions. This happens immediately; there is no option to enter an account or password.

Repeating the attempt a few times may bring up the same message, with the same IP address, several times, but will ultimately succeed, with no change to configuration, command, or script.

This is happening under Win10/64, and I think also happened under Win7/32, and possibly under WinXP/32 (mostly I notice that the script fails without any message being displayed unless I look for it, and I rerun it until it works); it would seem to be a general Windows issue. I have got no useful results on a search for <"system administrator is connecting from" reject> on this site or a general Web search: is this an uncommon error, or do people simply not make telnet connections?

I have also asked DrayTek UK support.

Best wishes.


05 Nov 2016 21:53 #2 by sjltech.uk
Replied by sjltech.uk on topic Re: Telnet "admin connecting from ... rejected"
Hi pol098,
Can you clarify if this is a problem on a LAN or WAN connection please?
At first thoughts, it sounds like a (Windows) firewall problem.
Can you SSH without any problems (if you've got Win10 Anniversary update, you can install the Ubuntu environment to give you a decent SSH client if you don't already have one)?
Cheers
Simon

06 Nov 2016 09:17 #3 by jedi98
If your telnet port (23) is open on the wan (System Maintenance >> Management) and you do not need it available from wan then I strongly suggest that you turn it off. It will get hit all the time by bots trying to brute force in. While they may not get in they would cause you problems because only one telnet session can be active at once.

When there is another user logged in (or even at login prompt) it will not let you in and you get "System administrator is connecting from ...". So when you get that message either someone else is trying to login or it is detecting you twice somehow. I would guess, from the varying IP addresses, that someone or something else is trying to telnet in via the wan.
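
Added example, not part of any post in this thread and not DrayTek code: a small Python helper that parses the rejection message quoted above, extracts the address currently holding the single telnet session, and reports whether any holder is outside the LAN, which would mean telnet management is reachable from the WAN. The LAN range `192.168.1.0/24`, the `Account:` prompt line and every sample address except the one quoted in the first post are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Banner text as quoted in the thread; the address is the current session holder.
REJECT_RE = re.compile(
    r"system administrator is connecting from\s+(\d{1,3}(?:\.\d{1,3}){3})",
    re.IGNORECASE,
)

def session_holder(banner):
    """Return the address holding the telnet slot, or None if not a rejection."""
    m = REJECT_RE.search(banner)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # matched the pattern but is not a valid IPv4 address
        return None

def audit(banners, lan_cidrs):
    """Count rejections per holder and split them into LAN vs. outside."""
    lans = [ipaddress.ip_network(c) for c in lan_cidrs]
    report = {"lan": Counter(), "outside": Counter(), "other": 0}
    for banner in banners:
        holder = session_holder(banner)
        if holder is None:
            report["other"] += 1  # not a rejection (e.g. a login prompt)
        elif any(holder in net for net in lans):
            report["lan"][str(holder)] += 1
        else:
            report["outside"][str(holder)] += 1
    # Any outside holder means telnet management is reachable from the WAN.
    report["wan_exposed"] = bool(report["outside"])
    return report

# Constructed sample: the first line is the message from the thread; the
# others are made-up captures using documentation and private addresses.
SAMPLE = [
    "system administrator is connecting from 69.53.7.222 reject the connection request !!!",
    "System administrator is connecting from 203.0.113.45 reject the connection request !!!",
    "system administrator is connecting from 192.168.1.20 reject the connection request !!!",
    "Account:",
]

if __name__ == "__main__":
    print(audit(SAMPLE, ["192.168.1.0/24"]))
```

Feeding it the first lines captured by each failed run of a wake-up script gives a per-address count to check after WAN management has been switched off or restricted.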


07 Nov 2016 12:13 #4 by pol098

jedi98 wrote: If your telnet port (21) is open on the wan (System Maintenance >> Management) and you do not need it available from wan then I strongly suggest that you turn it off. It will get hit all the time by bots trying to brute force in. While they may not get in they would cause you problems because only one telnet session can be active at once.

When there is another user logged in (or even at login prompt) it will not let you in and you get "System administrator is connecting from ...". So when you get that message either someone else is trying to login or it is detecting you twice somehow. I would guess, from the varying IP addresses, that someone or something else is trying to telnet in via the wan.


Thanks for quick responses. I also got a reply from Draytek: "go into router administration and enable telnet"(?!). A much better response here, thanks again.

I've noticed the problem on a LAN connection; I'm not sure about WAN (haven't used it for a while). The main purpose of enabling telnet is to enable me to make connections from anywhere in the world (although I actually do use it more frequently locally to avoid having to get up and switch a machine on ...). I switch on machines and make VPN connections, protected by the VPN password and further by the passwords to login or have access to machines on the LAN. The suggestion that the telnet login is failing because of repeated attempts to attack the network from outside is worrying; the failure to login is frequent enough to suggest sustained attacks, from different IPs. One thing I can do is look up IP addresses perhaps trying to connect and see where they are in the world, for what it's worth. I'm not going to do much testing of different access methods as the event is unpredictable: most of my connection attempts succeed. I will try connecting from two LAN locations simultaneously to see if I get the same error message.

From the management menu I see I can restrict access to stated IP addresses, which will work for local access; when travelling, if I want to take the risk I can (if I remember!) disable the restriction.

While I don't want the router to be accessed maliciously, what are the worst-case consequences? All I can see is the ability to misconfigure the router maliciously (change DNS servers, disable firewalling and so on), which can be checked by examining the setup, and corrected by restoring from a good configuration. It doesn't seem likely that password-protected machines on the LAN could be accessed. I ask this to find out, I'm not questioning the undesirability of malicious access!

Best wishes and thanks again

07 Nov 2016 13:38 #5 by pol098
Follow-up from original poster: I'm very glad I posted this question about a "trivial annoyance"! I just tried to telnet to my 2820, and got three successive failures, saying administrator was connecting from three different addresses, two of which I traced to China and one to Israel. Presumably my IP address has got on a list of open telnet ports? So promptly restricted access, allowing only addresses on my local network. I don't yet know what I'm going to do when travelling - maybe set a very long password and allow access from anywhere? I won't generally know beforehand the IP addresses I'll need to connect from. Thanks again to Jedi98.

07 Nov 2016 17:35 #6 by jedi98
Suggestions for security accessing from wan:-
  • Use VPN where possible- then you don't need wan access at all

  • Make sure the password is adequate

  • Use HTTPS web interface where possible

  • Use SSH instead of telnet, because telnet passes passwords unencrypted and so can be intercepted

  • Change the default ports for ssh and telnet, the bots mainly target the defaults

  • Turn off FTP

What can they do if they get in? How about redirect your DNS through a proxy so that they can redirect all your traffic to who knows where! Yes I've seen it (on an Asus router which is less secure) and it really caught me by surprise.

But mainly it's just a real pain - eg. brute force attack slowing up your connection.
