Hackers Bringing Telnet Back

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Thursday January 27, 2011 @01:52AM from the gopher-still-dead dept.

alphadogg writes "A new report from Akamai Technologies (CT: Requires login) shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks. The report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol used to log into remote servers but that has been gradually replaced by SSH."

238 comments

Min score:

Reason:

Sort:

who still uses telnet? by Anonymous Coward · 2011-01-27 01:54 · Score: 1

who still uses telnet?
1. Re:who still uses telnet? by SirGarlon · 2011-01-27 02:00 · Score: 3, Interesting
  
  I use telnet clients from time to time, in the lab. You can use it connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.
  
  --
  [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
2. Re:who still uses telnet? by ivucica · 2011-01-27 02:01 · Score: 0
  
  Grandpa
3. Re:who still uses telnet? by nharmon · 2011-01-27 02:01 · Score: 1
  
  People who don't know how to set up SSH.
4. Re:who still uses telnet? by maotx · 2011-01-27 02:02 · Score: 5, Informative
  
  I do whenever I need my Star Wars Fix. Just telnet to towel.blinkenlights.nl.
  
  --
  I'm a virgo and on Slashdot. Coincidence? Yes.
5. Re:who still uses telnet? by AaxelB · 2011-01-27 02:05 · Score: 2
  
  The only ones I'm aware of are those who play Nethack (or its variants) on a server like nethack.alt.org :)
6. Re:who still uses telnet? by Anonymous Coward · 2011-01-27 02:05 · Score: 1, Interesting
  
  You obviously don't work in a large enterprise that insists on using broken terminals that only do telnet. Its kinda like ftp. You want to get rid of it, but there are always some assholes who continue to use broken clients.
  I have to post this anonymously for the safety of my job.
7. Re:who still uses telnet? by Skywings · 2011-01-27 02:11 · Score: 1
  
  I wouldn't have imagined that in this day and age there would many servers out there still with an active telnet service but I do know that a few ADSL modems out there and the odd network attached device. If you run a server and you leave your servers wide open you are asking for trouble. I've learned my lessons the hard way as I blundered my way into setting up my own LAMP based webserver and leaving openings wider than the Grand Canyon. When you're 15, a little knowledge can me dangerous. To cut a long story short, a lot of data was lost and a lot of time was wasted getting thing back up and running. Dumb things I did included opening up telnet to the world, trivial passwords, same passwords used everywhere and allowing root to login from telnet.
8. Re:who still uses telnet? by peragrin · 2011-01-27 02:15 · Score: 3, Informative
  
  SSH isn't always an available option.
  At work our primary application is a telenet app that logs into a specific server. Of course we aren't stupid enough not to use VPN's, and packet filtering to go outside the network(or back in). We tried to upgrade to more secure connection but found the clients to be lacking about 1/2 the features found in the simple telenet client. We were told some of those features might be in the next release or two in three - five years.
  Since businesses get locked into vendor lock-in pretty hard it is very tough to move out. You get stuck doing things insecurely or working around bad security because upgrading isn't possible without millions of dollars being spent uselessly(paying a vendor to bring their applications up to the year 2000 standards).
  I know of one company that used Win16 subsytem as a vital part of their application up until last year. they refused to upgrade it because it worked even though in order to install the application on windows XP often required rebooting into safe mode to bypass enough security to let it install. This Application was the only way to work with their product line too with quarterly updates to the data it contained. Oh and you have to upgrade the entire application in order to update the data inside.
  It is those kinds of practices that make obsolete tech like telenet still exist.
  
  --
  i thought once I was found, but it was only a dream.
9. Re:who still uses telnet? by Chapter80 · 2011-01-27 02:16 · Score: 2
  
  I use telnet clients from time to time, in the lab. You can use it connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.
  Telnet to other ports is a GREAT way to learn how protocols work.
  Here are some exercises: From a DOS prompt, try:
  C:> telnet www.google.com 80 GET
  GET won't be echoed, but you can see the retrieval of a web page. You can try all commands that are part of the HTTP protocol, including the exchange of cookies, posting data, etc.
  Or try telnet-ing into a pop server.
10. Re:who still uses telnet? by zigurat667 · 2011-01-27 02:20 · Score: 1
  
  Thanks for sharing! That really is a viable excuse for using telnet.
11. Re:who still uses telnet? by hydrofix · 2011-01-27 02:32 · Score: 3, Informative
  
  You might have better success with even a semi-valid HTTP/1.1 request such as
  GET / HTTP/1.1
  Host: www.google.com
  Also, using telnet here is redundant. You should consider using one of the several netcats available. Some even support nice features like SSL encryption, so you can make encrypted requests to to the https port (443).
12. Re:who still uses telnet? by morgan_greywolf · 2011-01-27 02:33 · Score: 2
  
  In addition, a lot of switches and other network equipment still don't have SSH. Even switches only a couple of years old.
  
  --
  My blog
13. Re:who still uses telnet? by Lumpy · 2011-01-27 02:40 · Score: 2
  
  Godaddy.com
  ALL of their hosting has telnet and open FTP you have to specially request SSH and SFTP.
  
  --
  Do not look at laser with remaining good eye.
14. Re:who still uses telnet? by bball99 · 2011-01-27 02:41 · Score: 1
  
  but hey, it's fun to watch on a honeypot under emulation! :-)
15. Re:who still uses telnet? by 0123456 · 2011-01-27 02:43 · Score: 1
  
  My webcam used to have the telnet port open and would drop you straight into a root shell if you connected to it (no password required). Fortunately the new firmware fixed that.
16. Re:who still uses telnet? by Onuma · 2011-01-27 02:47 · Score: 2
  
  I have to post this anonymously for the safety of my job.
  If you're worried about potentially losing your job over that type of comment, then I hope you're not posting this from work ...
  
  --
  What else can happen when an unstoppable force collides with an immovable object?
17. Re:who still uses telnet? by Runaway1956 · 2011-01-27 02:49 · Score: 3, Insightful
  
  Right on target. I've witnessed many a clerk in a shipping/receiving department using telnet to connect to a server. Not just in-house, but often times across the country. People put those computers in place, and set up their systems 20 years ago, or more, and they aren't about to change. "Don't fix what ain't broke!"
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
18. Re:who still uses telnet? by zach_the_lizard · 2011-01-27 02:51 · Score: 3, Interesting
  
  This is the case with certain Cisco IOS versions. It has to be a crypto version of IOS to support SSH.
  
  --
  SSC
19. Re:who still uses telnet? by hesiod · 2011-01-27 02:52 · Score: 1
  
  I know it's not always a realistic option because of politics or policy, but if your switches can't do SSH, I suggest you change brands.
20. Re:who still uses telnet? by MrVictor · 2011-01-27 02:54 · Score: 2
  
  Just a nitpick but that HTTP request is still invalid.
  GET / HTTP\1.1 Host: www.google.com
21. Re:who still uses telnet? by Tanktalus · 2011-01-27 02:56 · Score: 1
  
  "Don't fix what ain't broke!"
  The problem is often that they don't realise it's "broke (sic)". That is often the issue. When you bring in a physical item in more pieces than it's supposed to be, that's easy to tell that it's broken. When it's a stream of digital pulses, not so easy, unless your target is technologically aware, and not always even then. I still have problems convincing otherwise smart people to use placeholders in their SQL instead of concatenation.
22. Re:who still uses telnet? by thePowerOfGrayskull · 2011-01-27 02:57 · Score: 1
  
  Telnet clients are useful, especially for testing out text based protocols.
  Telnet on the server... well, I run it sandboxed to my LAN for testing BBSSH, but that's about it. However, it's probably safe to say that there are a lot of legacy devices (just just servers) which do provide access via telnet.
23. Re:who still uses telnet? by Tanktalus · 2011-01-27 03:00 · Score: 3, Insightful
  
  That's not a good reason to use telnet. That's a good reason not to use Godaddy.
  (Using dreamhost.com here, and I use ssh and rsync-over-ssh to do all of that... I wonder if sshfs would work, I imagine it would.)
24. Re:who still uses telnet? by Anonymous Coward · 2011-01-27 03:03 · Score: 0
  
  Of course we aren't stupid enough not to use VPN's, and packet filtering to go outside the network(or back).
  Ah, perimeter security, a concept about as outdated as telnet (but unfortunately not as deprecated).
25. Re:who still uses telnet? by arose · 2011-01-27 03:05 · Score: 1
  
  A couple years old? Who made that buying decision?
  
  --
  Analogies don't equal equalities, they are merely somewhat analogous.
26. Re:who still uses telnet? by Yvanhoe · 2011-01-27 03:06 · Score: 2
  
  We were told some of those features might be in the next release or two in three - five years.
  I may sound like a preacher, but that is exactly why you want to use open source software in as many aspects of your company as possible : to develop the features you lack at a given point without depending on a dozen of third parties who can't agree with each others. I know you probably aren't the one making the decision, but that is a point to regularly make : "if you had used the open alternative, we could have added this feature. Now we can't and need to wait for another company's goodwill".
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
27. Re:who still uses telnet? by medv4380 · 2011-01-27 03:20 · Score: 1
  
  My Modem has a telnet remote access if it's turned on and way back the Cisco 675 had it as well and someone could attack it and get in if the owner never turned telnet on so I would suspect they maybe hitting devices that have telnet that the user hasn't locked out yet.
28. Re:who still uses telnet? by hydrofix · 2011-01-27 03:25 · Score: 1
  
  You don't have to nitpick because you are wrong.
29. Re:who still uses telnet? by sglewis100 · 2011-01-27 03:30 · Score: 1
  
  I know it's not always a realistic option because of politics or policy, but if your switches can't do SSH, I suggest you change brands.
  Why? Heck, in some small companies even telnet is too sophisticated. Not everyone needs managed switches. My house lives without 'em.
30. Re:who still uses telnet? by hardburn · 2011-01-27 03:31 · Score: 1
  
  It's about the only way to config some old office laser printers.
  
  --
  Not a typewriter
31. Re:who still uses telnet? by Bert64 · 2011-01-27 03:33 · Score: 1
  
  The telnet *client* is extremely useful to talk raw protocol to a service, very good for debugging etc...
  Running a telnet service on the other hand, is sadly still very common... Lots of networking equipment these days still only has telnet and no ssh support... Even where SSH support is available, sometimes only telnet is enabled by default, sometimes ssh costs extra etc... And there are plenty of people who are used to using telnet and won't consider anything else regardless of what benefits it might provide.
  Also, windows still only comes with a telnet client, probably the last os that doesn't include ssh by default - which also makes ssh more troublesome to use from some random workstation.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
32. Re:who still uses telnet? by peragrin · 2011-01-27 03:34 · Score: 1, Troll
  
  Let's see spend $100,000 every 20 years to upgrade the software or spend $50,000 a year to pay someone to do it in house, and still get a vendor locked in solution, but only now you are the vendor.
  
  --
  i thought once I was found, but it was only a dream.
33. Re:who still uses telnet? by fishbowl · 2011-01-27 03:35 · Score: 1
  
  No doubt someone they hired after dropping a thousand resumes of qualified applicants on the floor.
  
  --
  -fb Everything not expressly forbidden is now mandatory.
34. Re:who still uses telnet? by mlts · 2011-01-27 03:45 · Score: 2
  
  I had to deal with a similar setup a few years ago. What I did was put them on their own Ethernet segment that was completely isolated from everything but one machine. Even the subnet had a separate hardware switch so there was no way (other than physical access or compromise of the telnet server) that the unencrypted traffic could be intercepted. This machine was what people telnetted into, then ssh-ed out from to do work. This way, the only real weak link were the paths from the terminals to the switch, and the switch to the telnet server.
  Of course, this may not be possible in all environments, but putting a box that is just used for telnetting into and either directly connecting terminals to that box via crossover cables, or using a good switch may help mitigate things.
35. Re:who still uses telnet? by SuricouRaven · 2011-01-27 04:03 · Score: 3, Insightful
  
  Would you like to drop the firewalls, then? Perimeter security isn't a complete security solution, but it's still a major part.
36. Re:who still uses telnet? by blacklint · 2011-01-27 04:39 · Score: 2
  
  Maybe he means "safety of my job" as in "so no one knows to telnet into our horribly insecure systems"?
  In which case, being anonymous would seem like a good idea :)
37. Re:who still uses telnet? by Bert64 · 2011-01-27 04:43 · Score: 1
  
  Whats wrong with telnet as a client?
  Netcat implementations often don't indicate wether a TCP connection has been established or not (or require extra parameters), which is why i generally use telnet for such things. Also telnet is present on virtually any os and most other network devices, netcat not so much.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
38. Re:who still uses telnet? by ThatMegathronDude · 2011-01-27 04:46 · Score: 3, Informative
  
  There are laws controlling the export and import of encryption technology in many countries. These laws restrict the sale and use of SSH; therefore, you have to differentiate your products if you want to sell in certain markets.
39. Re:who still uses telnet? by Tetsujin · 2011-01-27 06:26 · Score: 1
  
  who still uses telnet?
  Hackers! Didn't you read the summary?
  
  --
  Bow-ties are cool.
40. Re:who still uses telnet? by jonwil · 2011-01-27 07:03 · Score: 1
  
  In some cases there may be a company-wide ban on the use of encryption and in particular encryption that leaves the company network (it may sound stupid but I HAVE seen it before). So Telnet is the only approved way to access servers and things (especially stuff outside the normal company network such as machines hosted in a colo or something)
41. Re:who still uses telnet? by Kosi · 2011-01-27 07:14 · Score: 1
  
  I have to post this anonymously for the safety of my job.
  Or you could have written "change-resistant people" instead of "assholes". :-)
  It wouldn't matter if these idiots weren't way too often in a position where they are able to push their stupidities through, sometimes even when it's against company policy.
42. Re:who still uses telnet? by arose · 2011-01-27 09:16 · Score: 1
  
  Dropping firewalls because perimeter security is insufficient is like dropping authentication for remote access altogether because telnet is easily sniffed. In short, you misread me.
  
  --
  Analogies don't equal equalities, they are merely somewhat analogous.
43. Re:who still uses telnet? by dov_0 · 2011-01-27 10:17 · Score: 1
  
  I use telnet for configuring my routers. That's about it. For my server I use SSH.
  
  --
  sudo mount --milk --sugar /cup/tea /mouth /etc/init.d/relax start
44. Re:who still uses telnet? by hubie · 2011-01-27 10:20 · Score: 2
  
  Yeah, but dreamhost doesn't run commercials suggesting that Danica Patrick will take her top off for you.
45. Re:who still uses telnet? by cbiltcliffe · 2011-01-27 12:04 · Score: 1
  
  Let's see spend $100,000 every 20 years to upgrade the software
  
  You're an idiot.
  $500,000 every 5 years, maybe. Then there's all the consulting and troubleshooting costs to get some antiquated piece of crap that was released last year to run on a 5 year old OS which is way more advanced than that application is capable of running on.
  You've obviously never dealt with niche market enterprise level software.....
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
46. Re:who still uses telnet? by mldi · 2011-01-28 06:39 · Score: 1
  
  I really don't see what the problem is with telnet. If it works, use it.
  
  --
  If you aren't suspicious of your government's actions, you aren't doing your job as a responsible citizen.
47. Re:who still uses telnet? by Celestialwolf · 2011-01-28 11:59 · Score: 1
  
  I do webhosting support, and constantly use telnet to make sure a given server is listening on various ports (21, 22, 110, 587, etc.) .
In other news by mvar · 2011-01-27 01:55 · Score: 1, Offtopic

Number of incompetent administrators who still use the telnet protocol rises. More at 11
1. Re:In other news by TheRaven64 · 2011-01-27 01:56 · Score: 1
  
  Does it even count as hacking? Running a telnet service should count as granting random people authorised access.
  
  --
  I am TheRaven on Soylent News
2. Re:In other news by Skatox · 2011-01-27 01:57 · Score: 0
  
  True, i've never used telnet. There are a lot of secure protocols to use.
3. Re:In other news by Anonymous Coward · 2011-01-27 02:01 · Score: 0
  
  I can see a blackhat running a service under the telnet port, similar to how some people run a sshd that automatically grants root access on some port.
  However, telnet/telnetd as a service is a completely different story. Most competent admins got rid of telnetd more than a decade ago, and the telnet "client" tool is more of a debugging facility (to test port connectivity) than one used for remote access in today's IT climate.
4. Re:In other news by Rob+Kaper · 2011-01-27 02:03 · Score: 2
  
  Does it even count as hacking? Running a telnet service should count as granting random people authorised access.
  No more than running an FTP, SMTP, POP, IMAP or HTTP service without proper SSL/TLS/digest enhancements. All of them still industry standards, even the bare versions. But that's okay, the more ICT incompetence on this planet the more money I/we can make, right?
5. Re:In other news by CastrTroy · 2011-01-27 02:52 · Score: 2
  
  Well, to be a little more precise, FTP, SMTP, POP and IMAP don't give you command line (root) access to the computer you happen to get access too. If you break into an FTP Server, you only have access to the files that are put up on the FTP directories of that server. And possibly the right to upload new files. Which is a little less problem then having root access to the entire server. Same goes for all the other services you mention. I will have to give you this. I don't think Telnet is really that bad of a thing overall. If it has a properly secure password on it that is changed often enough, it really isn't that much less secure than SSH. Sure there's the whole MITM attack vector, but that's way too complicated considering the number of easy to attack machines there are out there.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
6. Re:In other news by multisync · 2011-01-27 03:02 · Score: 2
  
  Does it even count as hacking?
  No.
  I saw the headline, and thought the story was about hackers finding some new and novel use for telnet. You know, hacking.
  But it's just another article about infected Windows machines using brute force attacks on port 445 and - apparently - 23. You know, "hacking."
  Here's my favorite part:
  
  Administrators are generally advised to disable Telnet if the protocol is not used to prevent attacks targeting it, but some forget.
  
  As Steve Martin once said, "I'm sorry officer, I forgot armed robbery was illegal."
  
  --
  I don't care why you're posting AC
7. Re:In other news by Rob+Kaper · 2011-01-27 03:19 · Score: 1
  
  The telnet protocol itself doesn't give you access either, that all depends on what kind of shell (if any) and privileges (if any) you attach to it.
  The reason why I mentioned the other protocols is that access to the files and data available through those can be harmful enough to an organisation. Potentially more harmful than user privileges on a server with resource limits and no exploitable software installed.
8. Re:In other news by vasqzr · 2011-01-27 03:33 · Score: 1
  
  Being able to upload a file via FTP might be all you need to run an exploit and get root access. Or download the password file. Maybe get the password by sniffing an FTP session that is also used in another part of the system.
9. Re:In other news by Bert64 · 2011-01-27 04:54 · Score: 1
  
  Telnet, FTP, POP and IMAP will give someone sniffing the network access to the user and password you are using to connect to the service...
  Wether that is a root login or some other user is by the by. Someone could easily be using their root password via FTP and that would be just as dangerous as doing it over Telnet.
  Ofcourse it all depends on what the service is used for, a telnet service doesn't have to require authentication or provide a shell. It might simply provide a screen full of information, or an ascii version of starwars.. Similarly, unencrypted HTTP is perfectly fine for anonymous distribution of information.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
10. Re:In other news by mvar · 2011-01-27 06:48 · Score: 1
  
  If it has a properly secure password on it that is changed often enough, it really isn't that much less secure than SSH.
  Except that your password is sent in clear-text over Telnet.
11. Re:In other news by maxwell+demon · 2011-01-27 19:56 · Score: 1
  
  The admins are not the hackers (exceptions surely exist). It's more like: "Oh, yes, it would have been a good idea to close the door of the safe. Too bad the thieves found out it was open ..."
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
12. Re:In other news by CastrTroy · 2011-01-28 01:38 · Score: 1
  
  But like I said. The MITM attack is hard. The difficulty in catching the password as it travels over the network is eclipsed when compared to the fact that there's probably and equally tempting SSH machine sitting behind the password "123456". Why bother with the complexities of performing a MITM attack when you can just depend on clueless users to supply you with an easy to compromise machine.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Who doesn't? by puterg33k · 2011-01-27 01:59 · Score: 0

I use telnet to remote activate telnet on your Bay Networks/Netgear hardware.
Re:What's the problem? by dkleinsc · 2011-01-27 02:01 · Score: 3

Right, but when you type hunter2, we just see *******.
On another note, anybody who is not currently blocking access port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.

--
I am officially gone from /. Long live http://www.soylentnews.com/
People stopped using Telnet? by Raxxon · 2011-01-27 02:04 · Score: 4, Insightful

I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.
1. Re:People stopped using Telnet? by Notquitecajun · 2011-01-27 02:06 · Score: 5, Funny
  
  You play a MUD still, too. Admit it.
2. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 02:10 · Score: 0
  
  Methinks it's time to find some more secure tools for the ole' toolkit, my friend.
3. Re:People stopped using Telnet? by omglolbah · 2011-01-27 02:11 · Score: 3, Interesting
  
  Lensmoor.org port 3500
  Shameless plug. Fun place to hang ;)
4. Re:People stopped using Telnet? by mvar · 2011-01-27 02:13 · Score: 2
  
  Yes the telnet client is really useful, but its the server that has some..uhm.."issues".
5. Re:People stopped using Telnet? by Ephemeriis · 2011-01-27 02:19 · Score: 4, Insightful
  
  I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.
  Sure, the telnet client is useful. I use it all the time for those very same reasons.
  But actually running a telnet server and allowing incoming connections on port 23? Nope. Stopped doing that for everything I could years ago, switched to SSH on everything that would support it. The things that wouldn't support it were all tucked away on our inside network. I've got nothing facing the world that'll accept connections on port 23.
  
  --
  "Work is the curse of the drinking classes." -Oscar Wilde
6. Re:People stopped using Telnet? by SuricouRaven · 2011-01-27 02:22 · Score: 2
  
  muck.furry.com 8888
7. Re:People stopped using Telnet? by vagabond_gr · 2011-01-27 02:22 · Score: 5, Funny
  
  I'm using telnet for ssh too. Doing RSA in your head is a bit tricky at first, but once you get used to it it's really convenient.
  PS. For a real challenge try to PPP authenticate over dial-up using your voice.
8. Re:People stopped using Telnet? by SuricouRaven · 2011-01-27 02:23 · Score: 2
  
  Also spr.ctrl-c.liu.se 23. Lots of geeky types there.
9. Re:People stopped using Telnet? by afallowhorizon · 2011-01-27 02:27 · Score: 1
  
  Hey there Xanter ;)
10. Re:People stopped using Telnet? by LordLimecat · 2011-01-27 02:30 · Score: 4, Informative
  
  So you mean telnet the program, not telnet the protocol-- what the article was about?
11. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 02:35 · Score: 0
  
  I admin a large, active MUD and I don't like this news.
12. Re:People stopped using Telnet? by tom17 · 2011-01-27 02:35 · Score: 0
  
  I use telnet client daily for checking connectivity to a port on a server. It's also everywhere so I can always easily use it.
  What do you suggest instead?
13. Re:People stopped using Telnet? by lahvak · 2011-01-27 02:37 · Score: 1
  
  The things that wouldn't support it were all tucked away on our inside network
  I didn't read the article, but I wonder is this is exactly what it is about. The summary mentioned the use of mobile devices. I wonder if it goes like this: bring a phone to a building, manage to connect to a purely secured wireless network, find a device that has port 23 open, ..., profit!
  Of course, if you van get to it from the wireless network, it is not really safely tucked away.
  
  --
  AccountKiller
14. Re:People stopped using Telnet? by enec · 2011-01-27 02:37 · Score: 3, Funny
  
  That's easy play. I surf the web by licking the ethernet cable.
  
  --
  I'm sorry, I only accept criticism in the form of sed expressions.
15. Re:People stopped using Telnet? by jhesse · 2011-01-27 02:39 · Score: 1
  
  bbs.iscabbs.com
  
  --
  
  --
  "I have also mastered pomposity, even if I do say so myself." -Kryten
16. Re:People stopped using Telnet? by XorNand · 2011-01-27 02:40 · Score: 4, Insightful
  
  netcat ("nc" on most Linux distros) provides the same functionality. However, it's also more flexible in that it allows you to test UDP ports and you can easily set it up to listen for incoming connections on an arbitrary port. It's a great tool for troubleshooting firewall issues.
  
  --
  Entrepreneur : (noun), French for "unemployed"
17. Re:People stopped using Telnet? by Tolleman · 2011-01-27 02:45 · Score: 1
  
  Who doesn't? These modern MMORPG games are just MUDs for the dyslexic.
18. Re:People stopped using Telnet? by annodomini · 2011-01-27 02:45 · Score: 2
  
  You might want to look into using Netcat (or socat) for this purpose; more flexible if you want to pipe the output through something like grep or tee, and it won't mistakenly try to interpret certain characters according to the Telnet protocol.
19. Re:People stopped using Telnet? by Dunbal · 2011-01-27 02:47 · Score: 1
  
  Ahh but can you whistle 300 baud?
  
  --
  Seven puppies were harmed during the making of this post.
20. Re:People stopped using Telnet? by MacGyver2210 · 2011-01-27 02:49 · Score: 1
  
  moo.sindome.org:5555
  
  --
  If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
21. Re:People stopped using Telnet? by TheRaven64 · 2011-01-27 03:00 · Score: 2
  
  Telnet is fine for testing whether a port is open, but most of the time you want to use SSL. openssl s_client -connect is roughly equivalent to telnet, but also does the TLS handshake for you.
  
  --
  I am TheRaven on Soylent News
22. Re:People stopped using Telnet? by The+Moof · 2011-01-27 03:17 · Score: 1
  
  Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors
  If you're testing user accounts, or logging into your POP3 box to check those mail headers, you may want to consider not using the telnet client anymore. You're potentially compromising any accounts you log into the same as you would with telnet accounts. Your server should be configured to use TLS/SSL for clients, and you can debug them telnet-style with the s_client (in the OpenSSL suite).
23. Re:People stopped using Telnet? by jayme0227 · 2011-01-27 03:20 · Score: 1
  
  revengeofthejedi.com port 9400
  Ok, so I haven't played it in a few months, but I always seem to return.
  
  --
  But then I realized the cable was blue, so I only gave it one star. I hate blue.
24. Re:People stopped using Telnet? by Jon+Stone · 2011-01-27 03:35 · Score: 1
  
  Simple 3-way handshake and boom, datastream.
  Then you're not using the telnet protocol. Telnet does a certain amount of negotiation at connection to pass through environment variables and the like to the server. Most clients automatically skip this if the server port is not 23.
25. Re:People stopped using Telnet? by DavidTC · 2011-01-27 03:35 · Score: 1
  
  Ah, but some of those now support SSL connections.
  
  --
  If corporations are people, aren't stockholders guilty of slavery?
26. Re:People stopped using Telnet? by Securityemo · 2011-01-27 03:36 · Score: 1
  
  You might want to look into NMaps scripting features if you have the time. It's designed to implement exactly that kind of stuff.
  
  --
  Emotions! In your brain!
27. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 03:40 · Score: 0
  
  Maybe so, but have you trained your guts so that you can shit flowers and candy?
28. Re:People stopped using Telnet? by 1s44c · 2011-01-27 03:41 · Score: 1
  
  I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.
  But you don't use it to telnet to port 23 and login to a system with a username and password. That appears to be what this story is about.
  Yes the telnet binary is still very useful just not for carrying passwords though public networks.
29. Re:People stopped using Telnet? by rickb928 · 2011-01-27 03:43 · Score: 1
  
  Yes, and my level 283 Ninja is a lot more fun than your level 546 Scavi. Deal with it.
  
  --
  deleting the extra space after periods so i can stay relevant, yeah.
30. Re:People stopped using Telnet? by Archangel+Michael · 2011-01-27 03:46 · Score: 1
  
  If you allow unknown machines on your wireless in your office,you're not properly secure. We have unsecured wireless in our offices, but they are all on a VLAN that can only go out to the iNet.No corporate networks are accessible. And if you need more security than that, multiple firewalls and DMZs and Intrusion Detection Systems.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
31. Re:People stopped using Telnet? by tom17 · 2011-01-27 04:00 · Score: 0
  
  How do I use netstat to check that I can connect from my local machine to a remote machine (I checked the man page and don't see an option for this, so i'm genuinely curious)? Running netstat on the remote machine to see if the port is listening does not cut it, there is more to it than just listening.
  Also, and I know I did not mention this usage case, but I do it regularly and lots of others have mentioned it... How would netstat give me any indication that I am connecting to the service I am expecting(sometimes you know what greeting to see for certain services you ahve configured)? How can I interact with the service in a rudimentary manner(GET for http. HELO, for SMTP etc)?
  Telnet client has great value. For what it does, I am aware of no other ubiquitous tool to use instead. I'm curious to find out if there is one. Surely it would just be Telnet with a different name :)
32. Re:People stopped using Telnet? by Carewolf · 2011-01-27 04:06 · Score: 1
  
  When bring a wire and connected to your wired network. If you can have a security breach simply by someone being on the same network you have security problem.. Ohh. look: Your manager just downloaded a trojan he thought was porn == hacked.
33. Re:People stopped using Telnet? by SuricouRaven · 2011-01-27 04:06 · Score: 1
  
  Which makes Second Life a MUCK for the dyslexic. And those of short attention span.
34. Re:People stopped using Telnet? by ZorinLynx · 2011-01-27 04:08 · Score: 1
  
  furry.com 8888
  Since 1995! Some things never change. :)
  (though in reality these days the TinyMUCK server supports SSL and I definitely use it)
35. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 04:21 · Score: 0
  
  I use telnet for the *many* telnet BBS that are still running.
36. Re:People stopped using Telnet? by trollertron3000 · 2011-01-27 04:31 · Score: 2
  
  Of course I can. I got a captain crunch whistle embedded in my larynx.
  
  --
  Tiger Blooded Bi-Winning Machine
37. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 04:35 · Score: 0
  
  anguish.org 2222
38. Re:People stopped using Telnet? by StikyPad · 2011-01-27 04:48 · Score: 1
  
  PAP, CHAP, or EAP?
  
  --
  https://www.eff.org/https-everywhere
39. Re:People stopped using Telnet? by ZorinLynx · 2011-01-27 04:51 · Score: 1
  
  Meow. :) Long time no see!
40. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 04:59 · Score: 0
  
  That's easy play. I surf the web by licking the ethernet cable.
  mmmm...porn
41. Re:People stopped using Telnet? by mattrwilliams · 2011-01-27 05:12 · Score: 1
  
  Simple 3-way handshake and boom, datastream.
  Actually, that isn't quite true.
  After the TCP handshake, Telnet will negotiate options related to the session (see the command structure defined in RFC 854). These are done with high byte values (240 through 255) and control things like local echo. If the service you are talking to doesn't correctly ignore these sequences, then they can corrupt the data stream.
  netcat is generally a better choice for connecting to generic services that use ASCII command sets.
  
  --
  The generation of random numbers is too important to leave to chance
42. Re:People stopped using Telnet? by Pharmboy · 2011-01-27 05:30 · Score: 1
  
  The telnet server doesn't have issues. If all you need is a completely insecure way to connect to a machine, you can't beat telnet. It has been around forever, every OS has a client, completely open standard, and it is very fast and easy to use. Even better than ssh.
  If you are foolish enough to setup a telnet server that faces the INTERNET, well then, the problem isn't the daemon, it is the administrator. Point being that there are still some uses where telnet might be appropriate and perfectly functional, as long as the boxen are facing in, and not out toward the real world.
  
  --
  Tequila: It's not just for breakfast anymore!
43. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 05:39 · Score: 0
  
  I never cared for MUDs, but I do love connecting to a Nethack server and trying to get a decent score
44. Re:People stopped using Telnet? by severoon · 2011-01-27 06:04 · Score: 1
  
  I'm bringing telnet back (what?)
  them other hackers dunno how to act (what?)
  i got fat pipe so i tcp ack (what?)
  i rock a botnet, you best watch your back (packets thru the bridge!)
  
  --
  but have you considered the following argument: shut up.
45. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 06:06 · Score: 0
  
  Cable licking is the new window licking.
46. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 06:36 · Score: 0
  
  There is an article?
47. Re:People stopped using Telnet? by yyttrrre · 2011-01-27 06:44 · Score: 1
  
  For an added bonus try POE.
  
  --
  http://slashdot.org/comments.
48. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 06:48 · Score: 0
  
  Nice!
49. Re:People stopped using Telnet? by Hawke666 · 2011-01-27 06:56 · Score: 1
  
  Netcat is not the same as netstat. However, netcat does have the disadvantage of not being nearly so ubiquitous.
50. Re:People stopped using Telnet? by Menkhaf · 2011-01-27 07:25 · Score: 1
  
  ...or watch Star Wars...
  towel.blinkenlights.nl 23
  
  --
  A proud member of the Onion-in-Hand alliance
51. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 07:45 · Score: 0
  
  Yeah I think its at the bottom of the page ... they might not have it yet, so keep hitting "Get more comments." In the meantime, it is custom to discuss random things.
52. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 07:57 · Score: 0
  
  I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.
  Telnet is *not* just a TCP three-way handshake; it continues with feature negotiation stuff which few people alive today understand.
  Usually you're lucky and your session survives this stage, but in general you're much better off with netcat (and specifically the OpenBSD project's improved version).
53. Re:People stopped using Telnet? by nblender · 2011-01-27 08:04 · Score: 2
  
  You joke... When I was a kid, my 300 baud acoustic coupler had a little lever you had to lift up and pivot to simultaneously clamp down the handset and if you lifted it further, it would initiate outgoing carrier instead of listening for carrier... The contacts on the second level were trashed by some previous knucklehead so if you were trying to initiate a dialup session with someone calling you (a friend to trade some Apple-][ warez), I couldn't get my coupler to initiate... So I had to figure out how to whistle the 300baud carrier to get the other modem to start.. Then I could clamp down my handset and start xmodem... Get off my lawn.
54. Re:People stopped using Telnet? by Archangel+Michael · 2011-01-27 08:18 · Score: 1
  
  Not if you run your network like I do.
  Ports are OFF until I know what is being plugged into them. Then I can apply the right VLAN to them and keep the systems safe that need to be safe.
  And if your boss is running PORN and getting Trojans, then you put him on his own VLAN where it cannot hurt you, and you use Citrix client to give him access to protected systems to keep him isolated.
  The cost of protecting the network is only thing preventing people from doing it. In many cases, the cost isn't worth it, until it is too late. And that is why it is called "too late"
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
55. Re:People stopped using Telnet? by rahvin112 · 2011-01-27 08:51 · Score: 1
  
  I on the other hand have no port 22 active and all my SSH services operate on port 23. Exploitation scripts then need the intelligence to recognize a SSH response on the telnet port.
  Probably doesn't filter very many attacks but it's just that little extra bit to confuse the idiots.
56. Re:People stopped using Telnet? by EvilBudMan · 2011-01-27 09:05 · Score: 1
  
  Nope it's useful inter office but gets firewalled otherwise. I wonder if the library's still use it?
57. Re:People stopped using Telnet? by Anonymous Coward · 2011-01-27 09:08 · Score: 0
  
  telnet is an awesome web browser...
58. Re:People stopped using Telnet? by danlock4 · 2011-01-27 09:58 · Score: 1
  
  I think goatse.cx would only cause musings of blackhole routers to dance in one's head.
  
  --
  To .sig or not to .sig, that is the question.
59. Re:People stopped using Telnet? by Onymous+Coward · 2011-01-27 10:18 · Score: 1
  
  Sh! (Meaning, be quiet!)
60. Re:People stopped using Telnet? by oobayly · 2011-01-27 10:59 · Score: 1
  
  Have you tried using Telnet on Vista or Win7? For some insane reason MS decided not to install it in the default distribution:
  
  As time has passed, fewer users use telnet. Thus, to decrease the foot print as well as the attack surface, we decided to make it an optional component.
  The server was never (as far as I can recall) enabled by default on Windows, and the client's footprint is fairly negligible compared to that of the OS. It also takes bloody ages to install for some reason, it's far quicker to download putty.exe on Vista/Win7 and use that instead.
  I now keep a USB drive on me containing Wireshark, Process Explorer, TCPView & PuTTY, so I can actually get things done
61. Re:People stopped using Telnet? by Pharmboy · 2011-01-27 12:36 · Score: 1
  
  I haven't tried using the stock telnet client until just now. I use Putty on winboxes anyway, but it is pretty stupid to delete the telnet client in the OS. MS has a habit of deleting features that are handy. Like their cardfile.exe from Win3.1 that got dropped in 95, etc., as well as NOT providing symbolic links/shortcuts for old programs that have been superseded.
  
  --
  Tequila: It's not just for breakfast anymore!
62. Re:People stopped using Telnet? by XCondE · 2011-01-27 14:08 · Score: 1
  
  I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.
  You use a telnet application/client; you might as well have been using netcat or any other TCP client. I doubt many people still have telnet servers running (emphasis on many).
63. Re:People stopped using Telnet? by nametaken · 2011-01-27 16:36 · Score: 1
  
  Holy crap, Cap'n Crunch posts on slashdot?
64. Re:People stopped using Telnet? by tom17 · 2011-01-28 02:22 · Score: 1
  
  DOH! Misread that. Not used netcat before. I think now that it's been mentioned to me before but I read it as netstat lol. oops.
  But yeah, it's not ubiquitous... it's not on our Solaris or aix boxes. Telnet client still wins :)
65. Re:People stopped using Telnet? by Lord_Byron · 2011-01-30 03:56 · Score: 1
  
  There are other ways to do that: http://netcat.sourceforge.net/
  That said, as long as the telnet client is already installed, I see your point.
A tip for management by goodmanj · 2011-01-27 02:05 · Score: 5, Insightful

If you manage your company or institution's IT department, please do the following:
Step 1: Turn on "telnet" on your PC. (Of course you Windows, you're management, right?)
Step 2: Try to "telnet" to your company's website, or to any other machine or service names your underlings bandy about.
Step 3: If you don't see "Connection refused" every time, FIRE EVERYONE WHO REPORTS TO YOU.
1. Re:A tip for management by Anonymous Coward · 2011-01-27 02:13 · Score: 0
  
  I just tried to connect to my company website (websites run on port 80, right?) it and got the following - the P45s are in the post!
  $ telnet mycompanywebsite.com 80
  Trying mycompanywebsite.com...
  Connected to mycompanywebsite.com.
  Escape character is '^]'.
  hello
  501 Method Not Implemented
  Method Not Implemented
  hello to /index.html not supported.
  Apache/2.2.9 (Debian) Server at mycompanywebsite.com Port 80
  Connection closed by foreign host.
2. Re:A tip for management by Ephemeriis · 2011-01-27 02:22 · Score: 1
  
  One of the things that makes a telnet client so handy is that it'll take a datastream from just about anything. It's great for troubleshooting SMTP servers and things like that.
  The point that the parent was trying to make is that there is absolutely no reason you should be running a telnet server on any public-facing server.
  Telnet itself answers on port 23. You could use a telnet connection to port 80 to maybe do some troubleshooting or something... But if you just try to telnet into your company website on the default port (23) and you get a login prompt, somebody is doing something wrong.
  
  --
  "Work is the curse of the drinking classes." -Oscar Wilde
3. Re:A tip for management by ediron2 · 2011-01-27 02:24 · Score: 1
  
  Try typing 'Global Thermonuclear War' instead of 'hello'.
4. Re:A tip for management by dr2chase · 2011-01-27 02:38 · Score: 4, Funny
  
  I think it would be ok if it said, "Hello, I am Eliza."
5. Re:A tip for management by Skater · 2011-01-27 02:40 · Score: 2
  
  Unfortunately I use a software package that requires telnet. Their SSH solution is basically unusable, and it's not feasible to switch away from that package. Pretty annoying, actually, because every new server is set up with telnet disabled (naturally), and we have to get it re-enabled, and they always put it on a random port number.
6. Re:A tip for management by goodmanj · 2011-01-27 02:42 · Score: 2
  
  "websites run on port 80, right?)"
  If you know this, you are not an IT manager. Nice try!
7. Re:A tip for management by Anonymous Coward · 2011-01-27 02:48 · Score: 0
  
  And precisely because of that, your software vendor don't care about making a better SSH port. Try not using it and as soon as they start losing money a new package with full SSH support will be released.
  The fact is that you still adding Telnet servers into your company's network. So the chances are: either this software improves or someone gets fired for being hacked, whatever happens first.
8. Re:A tip for management by hedwards · 2011-01-27 02:57 · Score: 2
  
  I take it that tunneling the telnet session via SSH isn't a reasonable option. Telnet at this point is antiquated and anybody that's providing software that requires it needs to be barred from the industry. It hasn't been a reasonable option in my memory, and it wasn't a reasonable option for quite some time when I started picking up FreeBSD in '99 or so.
9. Re:A tip for management by Anonymous Coward · 2011-01-27 02:59 · Score: 0
  
  Then put it behind a NAT router. SSH into the router and telnet in from there. Make sure to secure the router as best as possible including all security updates. Don't stop pressuring the software vendor to fix it's SSH support.
10. Re:A tip for management by zach_the_lizard · 2011-01-27 03:00 · Score: 1
  
  telnet google.com 80
  Trying 72.14.204.104...
  Connected to google.com.
  Escape character is '^]'.
  Global Thermonuclear War
  HTTP/1.0 400 Bad Request
  Content-Type: text/html; charset=UTF-8
  Content-Length: 1350
  Date: Thu, 27 Jan 2011 14:58:35 GMT
  Server: GFE/2.0
  But I just wanted to play a game!
  
  --
  SSC
11. Re:A tip for management by vegiVamp · 2011-01-27 03:09 · Score: 1
  
  Sooo... port forwarding over SSH ?
  
  --
  What a depressingly stupid machine.
12. Re:A tip for management by Anonymous Coward · 2011-01-27 03:19 · Score: 0
  
  (Of course you Windows, your company is relevant, right?)
  FTFY.
13. Re:A tip for management by dr2chase · 2011-01-27 03:54 · Score: 1
  
  Tunnelling is a fabulous suggestion, but it's not intuitively obvious (I figure it out when I need it, and retain the info just long enough to get the shell script working). If you can provide the incantation, that would be very helpful.
14. Re:A tip for management by PPH · 2011-01-27 04:08 · Score: 1
  
  So, how many of you have PHBs that will try telnet to port 80 and run in in a panic about why telnet is enabled on their system and its a security hole and how you've all got to drop everything and fix it right now?
  
  --
  Have gnu, will travel.
15. Re:A tip for management by marcosdumay · 2011-01-27 04:43 · Score: 2
  
  And how do you feel about GET / HTTP/1.1?
  
  --
  Rethinking email
16. Re:A tip for management by Bengie · 2011-01-27 05:11 · Score: 1
  
  VPN and firewall rules should be a decent bandaid to protect telnet servers from outside connections. But "off like a bandaid" applies better to telnet.. gut it.
17. Re:A tip for management by Culture20 · 2011-01-27 05:40 · Score: 1
  
  Tunnelling is a fabulous suggestion, but it's not intuitively obvious (I figure it out when I need it, and retain the info just long enough to get the shell script working). If you can provide the incantation, that would be very helpful.
  Yeah, this is a problem. I can set up a tunnel easily because I do it every day, but explaining to my users how to use an ssh tunnel to connect to a firewalled port that their nonsecure webapp runs on is brutal. I send them an email explaining it, then do it for them, then resend them the email explaining it because they deleted the email. Show them that yes, the webapp is now pretending to be on localhost port foo now, so use the browser to access port foo. Rinse, repeat.
18. Re:A tip for management by Volundr · 2011-01-27 06:19 · Score: 0
  
  Actually, even if you do get connection refused you should probably fire them, or at least chew them out. WTF are you not using a proper firewall for? You should be seeing timeouts.
19. Re:A tip for management by Have+Brain+Will+Rent · 2011-01-27 06:48 · Score: 1
  
  That's a bit harsh on his secretary, don't you think?
  
  --
  The tyrant will always find a pretext for his tyranny - Aesop
20. Re:A tip for management by Mr.+Foogle · 2011-01-27 07:08 · Score: 1
  
  When I send my boss an estimate for replacing every single ancient Axis print server that does not support SSH .. he might change his mind about wholesale firing.
  
  --
  Display some adaptability.
21. Re:A tip for management by yuhong · 2011-01-27 07:31 · Score: 1
  
  My favorite is HEAD, for reading the HTTP headers. Handy for debugging purposes, and the output is guaranteed to be plain 7-bit ASCII.
22. Re:A tip for management by yuhong · 2011-01-27 07:36 · Score: 1
  
  Yea, there is a difference between telnet on a private network and on the public Internet.
23. Re:A tip for management by yuhong · 2011-01-27 07:48 · Score: 1
  
  Not the IT manager targeted. Those knowing that HTTP runs on port 80 likely know that it is perfectly okay. Those that don't will just use the default when telnetting.
24. Re:A tip for management by jd2112 · 2011-01-27 08:06 · Score: 1
  
  IT Worker reaponse: But we're using telnet to support a mission critical DOS era application that YOU wouldn't approve the funding to replace. And besides it's configured to require IPSec encryption and authentication so it's at least as secure as SSH.
  
  --
  Any insufficiently advanced magic is indistinguishable from technology.
25. Re:A tip for management by Anonymous Coward · 2011-01-27 08:37 · Score: 0
  
  I think he means the telnet port, you retard.
  P.S.: It's not a "whoosh" when your joke completely sucks.
26. Re:A tip for management by hedwards · 2011-01-27 10:26 · Score: 1
  
  It depends on your platform. For Windows Putty will do it pretty all for you without having to know much. On Linux the following should help you out: Ssh port forwarding
  
  Once you do it a couple times it gets to be pretty easy, the only hitch is that it can be a pain if their side is on a dynamic IP. But that's easily scripted.
27. Re:A tip for management by Anonymous Coward · 2011-01-27 11:03 · Score: 0
  
  To be more precise, the point OP was making is that it is easy to check if a telnet server is running.
28. Re:A tip for management by goodmanj · 2011-01-27 13:55 · Score: 1
  
  PHB's don't know what "port 80" means.
29. Re:A tip for management by thisisntme · 2011-01-27 21:08 · Score: 1
  
  Why would a web server respond with a GET request?
30. Re:A tip for management by marcosdumay · 2011-01-28 01:34 · Score: 1
  
  Try looking into Elisa on Google. Or if you have emacs on handy, I think it is ^x-doctor.
  
  --
  Rethinking email
31. Re:A tip for management by Anonymous Coward · 2011-01-29 03:55 · Score: 0
  
  Now why don't they (Microsoft) have warning on that page that telnet is completely insecure and should not be used for administration, ever.
Good ole days by Airdorn · 2011-01-27 02:06 · Score: 1

I like telnet because it reminds me of when I was young.
1. Re:Good ole days by John+Hasler · 2011-01-27 02:39 · Score: 4, Insightful
  
  If telnet reminds you of when you were young you aren't old.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
2. Re:Good ole days by zach_the_lizard · 2011-01-27 03:04 · Score: 1
  
  He could very well be. Wikipedia says Telnet was under development in 1969. He could have old enough at the time to have used it.
  
  --
  SSC
Misleading headline by antifoidulus · 2011-01-27 02:09 · Score: 4, Insightful

Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"

--
Monstar L
1. Re:Misleading headline by Ngarrang · 2011-01-27 02:17 · Score: 1
  
  Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"
  If I had a mod point, you would have it. This is so true. The hackers can only hack what you've left connected and unsecured. What happened to the policy of closing every port, then open up the one's you actually need.
  
  --
  Bearded Dragon
2. Re:Misleading headline by Media_Scumbag · 2011-01-27 02:37 · Score: 1
  
  Yes, that headline would be more suitable, but the analogy is trite. Water is not "wet" when it is a solid, or a vapor. I wish people would let this expression die.
3. Re:Misleading headline by Anonymous Coward · 2011-01-27 02:58 · Score: 0
  
  I reject your argument... When water is called water, it is wet. If it is solid, it's called ice, and when it is a vapor it is called steam or "water vapor" (always those two words together). If someone says "water" they're almost always talking about liquid water, unless they are a scientist (not a news reporter).
4. Re:Misleading headline by Securityemo · 2011-01-27 03:41 · Score: 1
  
  A surge in connection attempts like this obviously indicates that someone's found a remote pre-auth hole in a popular telnet service. Apart from coders presumably putting in a lot more effort to write secure code for the SSH server, telnet is only easier to hack compared to an SSH server in terms of MITM/sniffing attacks.
  
  --
  Emotions! In your brain!
5. Re:Misleading headline by DavidTC · 2011-01-27 03:46 · Score: 1
  
  Actually, ice and water vapor are both pretty wet if people interact with them, as the part of them touching a person rapidly changes to the person's temperature and turns into water. And 'wet' means 'gets liquid on a person'.
  So standing in steam or touching ice in normal room temperature, you'll find they are, indeed, 'wet', as they will get liquid on you.
  Now, if the air temperature is too extreme it won't, if you stand in steam at 300 degrees air temp or in ice cold enough that the water on your skin refreezes so fast you can't feel it, but you'll be seriously injured or dead anyway, so what is 'wet' is somewhat moot there....human speech only describes things we live though, for obvious reasons.
  That said, the other poster is right...'water' is the liquid state of H2O. Calling ice or steam 'water' is incorrect. But interacting with those both do actually get water on you, and thus are 'wet' anyway.
  
  --
  If corporations are people, aren't stockholders guilty of slavery?
6. Re:Misleading headline by John+Hasler · 2011-01-27 03:53 · Score: 1
  
  > Um, the reason they are using telnet is because it's trivial to hack,
  No, it is trivial to intercept telnet passwords (which are sent in the clear) if you have access to a channel over which someone is logging in via telnet. A telnet deamon just sitting there unused creates a vulnerability only to the extent that it is a channel for attacking bad passwords (which is surely what these kids are doing).
  However, there is no good reason to run a telnet daemon these days, especially on the public Internet.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
7. Re:Misleading headline by Archangel+Michael · 2011-01-27 04:00 · Score: 0
  
  Solid water is "water" but we call it ... ICE .
  Water that is vapor is "water" but we call it STEAM.
  Water in its liquid form has no other common name, it is WATER. So, water (liquid H20) is wet, as is most H2O on this planet. Therefore, when people say "water" it is generally speaking of H2O Liquid. When they mean the exceptions (ICE, STEAM) they will refer to it using those terms.
  Here's a helpful hint, and I'm being nice in telling you this. People like you should just learn how to STFU, because while trying to sound "smart" you just come across as an asshole trying to sound smart. You come across as really just a stupid moron. Is that what you were aiming for?
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
8. Re:Misleading headline by antifoidulus · 2011-01-27 04:00 · Score: 1
  
  Though you sort of get into conditional probabilities there. If an attacker does a sweep looking for targets, anything with telnet is going to stand out as a something potentially juicy. If telnet is configured more than likely there are other services that aren't up to snuff and it's probably easier to find a way in.
  
  --
  Monstar L
9. Re:Misleading headline by kbielefe · 2011-01-27 04:35 · Score: 2
  
  However, there is no good reason to run a telnet daemon these days, especially on the public Internet.
  Interesting you should say that, because the article actually says they don't know if it's brute force login attempts or botnet traffic. A largely unused port with traffic that most people ignore makes sense to park a botnet on. It makes a lot more sense than a sudden spike in system administrator incompetence, which means most of the comments on this story are likely off the mark.
  
  --
  This space intentionally left blank.
10. Re:Misleading headline by Securityemo · 2011-01-27 04:56 · Score: 1
  
  Yeah, but that depends on the target selection method. I'm guessing spikes like these are mostly bot spreader code (worm-like behaviour) rather than anything man-powered. Find/buy exploit, rewrite it to use your call-back multi-stage bot-loader shellcode, cram it in, send out update to bots? If the statistics come from honeypots, of course, it's guaranteed that it's untargeted attacks since such systems only gets hit by attackers scanning large ranges for targets, unless they're placed on ip ranges belonging to a targeted organization.
  
  --
  Emotions! In your brain!
11. Re:Misleading headline by Securityemo · 2011-01-27 05:10 · Score: 1
  
  I can see one reason to use ports besides 80 - not wanting to alert the targets by running afoul of ISP regulations regarding people running webservers on their hosts.
  
  --
  Emotions! In your brain!
12. Re:Misleading headline by mdvolm · 2011-01-27 08:43 · Score: 1
  
  I would counter that water is always wet. Ice is a solid and steam is a gas. Would you ask for extra Frozen-Water-In-A-Solid-Form cubes in your water?
13. Re:Misleading headline by rahvin112 · 2011-01-27 09:07 · Score: 1
  
  Water is absolutely not wet. You need soap to make water wet.
14. Re:Misleading headline by danlock4 · 2011-01-27 10:44 · Score: 1
  
  No wonder wet diapers/nappies are self-cleaning!
  
  --
  To .sig or not to .sig, that is the question.
Hackers by Anonymous Coward · 2011-01-27 02:10 · Score: 0

Wait, when did Slashdot start calling computer criminals hackers?
Hackers Bringing Telnet Back? by crow_t_robot · 2011-01-27 02:12 · Score: 5, Insightful

How can hackers bring telnet attacks back if admins don't run telnet? Should the headline say "Admins are bringing telnet back and getting bitten in the ass for it?"
1. Re:Hackers Bringing Telnet Back? by gsslay · 2011-01-27 02:32 · Score: 2
  
  Probably less a case of admins "bringing it back" and more a case of admins forgetting, or being oblivious to it being there in the first place. More and more admins will have scarcely used telnet ever in their professional lives, and so will overlook its presence on their servers. Ideal for hackers.
2. Re:Hackers Bringing Telnet Back? by heathen_01 · 2011-01-27 02:45 · Score: 3, Insightful
  
  Its stretching credibility that admins won't know about telnet, but sure I can accept that. However I can't accept an admin missing that an unknown service is running and accepting connections on port 23 that the admin is oblivious about.
3. Re:Hackers Bringing Telnet Back? by scorp1us · 2011-01-27 02:56 · Score: 1
  
  What has happened here, is only the outdated, maintained systems are still running telnet. This corresponds to a likely weak password. And if no one is obsoleting it, then no one is really watching it either. It has now become the forgotten-about low-hanging fruit.
  
  --
  Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
4. Re:Hackers Bringing Telnet Back? by scorp1us · 2011-01-27 03:03 · Score: 1
  
  "outdated, UNmaintained systems" - FTFM
  
  --
  Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
5. Re:Hackers Bringing Telnet Back? by Anonymous Coward · 2011-01-27 03:07 · Score: 0
  
  Are they bringing it back or are more devices being added which still support telnet for legacy reasons?
  We switched camera systems due to a standardization effort and now each encoder has telnet open. They should be firewalled from the internet, but a number of times I've found new one which were not properly firewalled.
  Personally, I would like to see them using https as the units support telnet, http, and https. An organization as big as ours really should have a way of distributing certificates from an internal CA with minimal cost. While we're not allowed to call them security cameras, we're no longer allowed to view archive footage for fear we'll leak it, so I think they should be protected better then using telnet.
6. Re:Hackers Bringing Telnet Back? by greed · 2011-01-27 03:38 · Score: 2
  
  Or an admin that has carefully secured a Solaris 10 machine, starting with shutting down telnet and the r* daemons, fingerd and all the other cruft. But then he installs a patch cluster... ...and suddenly all that crap is running again.
  Don't ask me how I know that.
7. Re:Hackers Bringing Telnet Back? by John+Hasler · 2011-01-27 03:56 · Score: 1
  
  > ...overlook its presence on their servers.
  Why are there any services running on their servers that they did not explicitly configure to run?
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
8. Re:Hackers Bringing Telnet Back? by SuricouRaven · 2011-01-27 04:08 · Score: 1
  
  Ever seen the default services on a Windows box? A lot of linux distros are almost as bad.
9. Re:Hackers Bringing Telnet Back? by MMC+Monster · 2011-01-27 04:12 · Score: 1
  
  I seem to recall that dd-wrt had telnet installed by default. Probably could only be accessed by the LAN, but still seemed somewhat unusual.
  Hopefully they've stopped doing that. Anyone know for sure?
  
  --
  Help! I'm a slashdot refugee.
10. Re:Hackers Bringing Telnet Back? by Anonymous Coward · 2011-01-27 04:23 · Score: 0
  
  Shudder. I'll give you a terrible example. As an AC.
  At a previous job (past five years) where we wrote SCADA for specific systems over GPRS (2g cellular), we implemented a telnet remote control service in our hardware. Crypto was in fact... forbidden. Because many carriers use NAT, one of three things would commonly happen.
  1) We'd basically use a netcat 'reverse proxy' and telnet out to a predetermined port into a NAT 'gateawy' host that would be world exposed for remote admin by the client. One machine, ~65k ports. It was pretty reliable other than all those open TCP sessions...but you can do amazing things with vmware and NIC pooling. Easier than fixing kernel buffers and all that.
  2) Other carriers we would have our machine on a VPN gateway going to a VPN termination point. That would then act as a router directly into the VPN through port based NAT....
  3) Some devices were wide open on public IPV4 nets. Easy to configure. The customers would even have DNS records by hardware/site/location/state....
  Yes, people bought this. Yes, I would have fired myself as the architect/programmer that made such a 'mistake'. Yes, that was the demand of management, and I was 'just doing my job'
11. Re:Hackers Bringing Telnet Back? by Anonymous Coward · 2011-01-27 04:34 · Score: 0
  
  It is also stretching that there can't be anything else running there. (I looked at their site, but what I found was too much CSI-Miami/New York whatever than useful information) So how do they get the information and what if there is a new botnet opening ports on 23 and other hosts try to connect there. And if that would be true would you still call it telnet (base protocol used, but the server isn't a telnet server)?
12. Re:Hackers Bringing Telnet Back? by DarwinSurvivor · 2011-01-27 04:37 · Score: 1
  
  If it did, they've fixed that now. I just nmap'd my dd-wrt router from both a wireless sytem and wired system connected to my router and nothing is running that I didn't tell to run.
13. Re:Hackers Bringing Telnet Back? by marcosdumay · 2011-01-27 04:46 · Score: 1
  
  I can understant that those admins don't port-scan their machines every time they update them. What I really can't accept is that some distributor activates telnet by default. That's unexcusable.
  
  --
  Rethinking email
14. Re:Hackers Bringing Telnet Back? by John+Hasler · 2011-01-27 05:28 · Score: 1
  
  That doesn't answer the question (assuming we are talking about "professional" admins here).
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Who's bringing Telnet back? by Anonymous Coward · 2011-01-27 02:19 · Score: 1

It's not the hackers that are bringing Telnet back, it's the IT departments that are deploying such services or forget to disable them when devices have it by default. You would think (*hope*) in this day and age that a professional IT department would be aware of such things, but seems our hopes are dashed.
Most devices have alternative connectivity protocols that can be used and at the very least if Telnet must be used, provide a VPN/SSH tunnel to the network from the outside or entertain a more restrictive firewall policy to contain the source IP's on that port to a manageable group.
1. Re:Who's bringing Telnet back? by Stenchwarrior · 2011-01-27 04:22 · Score: 1
  
  I'm bringing telnet back
  Them other boys don't know how to act
  I think it's special what's behind your back
  So turn around and i'll pick up the slack.
  Take em' to the bridge
  [Bridge]
  Dirty babe
  You see these shackles
  Baby I'm your slave
  I'll let you whip me if I misbehave
  It's just that no one makes me feel this way
  Take em' to the chorus
  [Chorus]
  Come here girl
  Go ahead, be gone with it
  Come to the back
  Go ahead, be gone with it
  VIP
  Go ahead, be gone with it
  Drinks on me
  Go ahead, be gone with it
  Let me see what you're working with
  Go ahead, be gone with it
  Look at those hips
  Go ahead, be gone with it
  You make me smile
  Go ahead, be gone with it
  Go ahead child
  Go ahead, be gone with it
  And get your telnet on
  Go ahead, be gone with it
  Get your telnet on
  Go ahead, be gone with it
  [X6]
  Get your telnet on
  [Verse 2]
  I'm bringing telnet back
  Them other boys don't know how to act
  Come let me make up for the things you lack
  Cause your burning up I gotta get it fast
  Take em' to the bridge
  [Bridge]
  [Chorus]
  [Verse 3]
  I'm bringing telnet back
  Them other boys watch while I attack
  If that's your girl you better watch your back
  Cause she'll burn it up for me and that's a fact
  Take em' to the chorus
  [Chorus]
  
  --
  Loading...
2. Re:Who's bringing Telnet back? by marcosdumay · 2011-01-27 04:48 · Score: 1
  
  WTF service have telnet by default?
  On a relaed note, I wouldn't expect professional IT departments to be aware of such things. I'm yet to see a big IT department that knows about all their machines.
  
  --
  Rethinking email
3. Re:Who's bringing Telnet back? by Anonymous Coward · 2011-01-27 05:20 · Score: 0
  
  Lots of devices and machines have Telnet enabled by default... take a look at Cisco gear for starters.
  Most IT departments don't know all of their machines... but they should. Sure they may never touch a specific machine but every device should be initially configured from either an image, master preset base config, or at the very least a decent policy.
  It's pretty sad to realize that this practice isn't the going rate in IT these days, it's like photography.... a heavily polluted field.
4. Re:Who's bringing Telnet back? by marcosdumay · 2011-01-27 06:48 · Score: 1
  
  I agree they should know every machine. And I wasn't talking about machines spreaded through the company, I'm yet to met a big IT department that knows all the machines under their physical reach.
  Now, those devices with telnet by default are things that you keep always plugged to the company-wide lan? It is not so bad to use telnet through a cross-over cable directed connected to another computer, but when the device starts to use or provide lan services, that is a problem.
  
  --
  Rethinking email
Re:What's the problem? by RobbieThe1st · 2011-01-27 02:30 · Score: 1

Mod this guy up! Excellent quote reference.
Re:What's the problem? by camperdave · 2011-01-27 02:42 · Score: 2

... anybody who is not currently blocking access port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.
Ever hear the term honeypot?

--
When our name is on the back of your car, we're behind you all the way!
Slashdot article about telnet in 2011 by Anonymous Coward · 2011-01-27 02:45 · Score: 0

LOL... just LOL...
WTF happened to this place? xD
Are we going to compare the speed of Amiga kickstarts next?
Duh by SJ2000 · 2011-01-27 02:51 · Score: 1

Too many networking manufacturer's still only have their gear accessibly only by telnet. Duh.
In Soviet Russia... by Anonymous Coward · 2011-01-27 02:53 · Score: 0

Telnet hacks YOU!
Re:A tip for management (FTFY) by Anonymous Coward · 2011-01-27 03:14 · Score: 0

telnet google.com 80
Trying 72.14.204.104...
Connected to google.com.
Escape character is '^]'.
Global Thermonuclear War
HTTP/1.0 400 Bad Request
WINNER: NONE a strange game. The only winning move is not to play. How about a nice game of chess?
Content-Type: text/html; charset=UTF-8
Content-Length: 1350
Date: Thu, 27 Jan 2011 14:58:35 GMT
Server: GFE/2.0p>
Get your hackin' on by llManDrakell · 2011-01-27 03:21 · Score: 4, Funny

I'm bringin' telnet back.
Them other protocols don't know how to act.
I think it's special what's inside your rack.
So enable the service and I'll begin to hack.
1. Re:Get your hackin' on by Anonymous Coward · 2011-01-27 10:07 · Score: 0
  
  Take it to the bridge!
  Spanning tree
  You see these packets? Baby I'm your slave.
  I'll let you route me if I misbehave.
  It's just that no one makes me type this way...
  Take it to the switch.
  Come here frame ....
  I have a meeting to go to. Somebody take over.
telnet ain't so bad. by Anonymous Coward · 2011-01-27 03:35 · Score: 0

The main problem I see from the article, if I understood it correctly, is that someone can hop on a "mobile network" and target corporate
servers. Are they referring to an unsecured wireless access point perhaps that has the ability to have packets routed to internal servers?
If so that is the real problem. Not telnet which is normally used by admins who have to manage gear that could possibly be 10+ years old
on a private network that someone cannot just break into and scan. Throw in ACLs if available and attackers cannot even connect to the
port unless in a certain subnet.
Honestly.. if you can have your packets routed to the internal network there is little difference between telnet, ssh, and a web interface.
All three can be brute forced. Sniffing does not get one very far now days with switches being everywhere and attacks on switches are
not trivial to get them to flood ports either. Also having a telnet exploit for anything more then older OS from 8 years ago is also unlikely.
This is just a good rant post for people to get out their pitch forks without much critical thought.
LOL by zoomshorts · 2011-01-27 03:46 · Score: 0

Hundreds of thousands who know how to type to get what they want?
Lame by Anonymous Coward · 2011-01-27 03:50 · Score: 0

This kills me. To make it simple, Telnet protocol hacking never stopped. You can't disable Telnet, you can only disable processes recognized as "telnet servers", but every computer remains both a client and a server no matter what you do. It is impossible to write software that can handle every imaginable condition. Telnet is the original underlying protocol for networking transmissions and just about everything is based on improving and securing the basic telnet network communications protocol. To make it impossible to hack using Telnet you would have to re-write and re-design the entire world wide networking communications infrastructure. After doing that you would still end up with an underlying basic debug architecture that real hackers would rip into immediately and the whole process would have been for naught. If you are connected to a network, any network at all, you have opened your system up to communications. If you can communicate with someone, or something, you can manipulate them/it into doing something they may not want and may not have been designed to do.
Know your RFCs (was Re:who still uses telnet?) by Xenophon+Fenderson, · 2011-01-27 03:56 · Score: 2

Just to be clear, TELNET and TCP are not synonymous. The FTP command channel uses TELNET as a session protocol, transported by TCP with the server usually listening on port 21. Conversely, SMTP and HTTP are their own session protocols, probably because TELNET isn't 8-bit-clean. This is why netcat, which normally uses raw TCP sockets, has a command-line option specifically for interoperation with TELNET and TELNET-based protocols.
Best wishes,
Matthew

--
I'm proud of my Northern Tibetian Heritage
You insensitive clod! by PPH · 2011-01-27 04:00 · Score: 1

******** IS my password!

--
Have gnu, will travel.
Well so use stunnel by Anonymous Coward · 2011-01-27 04:14 · Score: 0

If the software requires a telnet connection, use stunnel or openvpn to encrypt the traffic. Of course this wont work on old Cisco routers and the like. But on nix and windows servers there is no excuse!
This is why... by Anonymous Coward · 2011-01-27 04:15 · Score: 0

This is why I wish they would get rid of telnet at work and start using ssh like a normal person.
They are forgetting something... by CoolVibe · 2011-01-27 04:16 · Score: 4, Insightful

Seeing traffic on port 23 does not mean telnet is involved. I know some people who run their SSH daemon on that port to lessen the stupid ssh scans.
1. Re:They are forgetting something... by Anonymous Coward · 2011-01-29 04:08 · Score: 0
  
  Wouldn't it be smarter to run SSH on a randomly selected high number port?
Can't teach an old dog... by Anonymous Coward · 2011-01-27 04:53 · Score: 0

Telnet is a great protocol for testing connections and common cleartext services - as a firewall engineer for a major telecom I use it constantly. As a security professional, I've fought with folks using telnet and ftp in production environments for over a decade - ssh/scp/sftp/curl replaces all these excellently in most modern environments, and most folks fear it. The problem is this: Not everything is upgraded quickly, and a great many old dogs refuse to learn new tricks. I worked in security in the financial field for more than 10 years, and telneting to an IBM AIX box as root is commonplace - often the root password is printed in the "emergency procedures" notebooks at many banks and credit unions as well - on the shelf of all admins and admin wannabe's. In the telcom industry, I can also say that a great amount of equipment still uses telnet for device management - SSH is there, but the old dogs running things just haven't had the time to learn the new tricks that us security guys live and breathe, and the vendors themselves are just as guilty for still allowing telnet management on their gear by default. If it wasn't for rancid, svn and puppet, we'd still probably have telnet on some of our Cisco gear...
Vulnerable telnetd again? by Culture20 · 2011-01-27 05:10 · Score: 1

Maybe oracle released a new version of solaris with a vulnerable telnetd on by default again?
Printers? by Culture20 · 2011-01-27 05:49 · Score: 4, Informative

I just realized; almost every network printer out there uses telnet for remote configuration. Maybe there was a new vulnerability found on a specific type of printer that allows forwarding of the printed pages back to the script kiddies?
1. Re:Printers? by Anonymous Coward · 2011-01-27 08:14 · Score: 0
  
  Yep, I guess you didn't see that other article in the financial press about how the latest vulnerability for businesses are their network ready smart printers.
2. Re:Printers? by Anonymous Coward · 2011-01-27 20:49 · Score: 0
  
  Correction: offers telnet for remote configuration. Would you agree that a network admin's job description includes disabling unused and/or vulnerable services, especially on interfaces exposed to the Internet? And who is dumb enough to hook up a printer with factory-default configuration directly to the Internet anyway?
3. Re:Printers? by Anonymous Coward · 2011-01-28 02:54 · Score: 0
  
  actually, the newer ones use http, and if they are really secure, https. But yes, the older HP JetDirects used telnet. lexmarks accept an ftp connection
Re:What's the problem? by Jello+B. · 2011-01-27 06:02 · Score: 1

so all i have to do is post old, tired quotes to get modded up so high that EVERYBODY has to read my dumb bullshit

way cool slashdot
Step aside, amateur by GameboyRMH · 2011-01-27 06:09 · Score: 1

You lazy ass, I came in here to do that, and you do it first and can barely be bothered to change the lyrics at all!?
This is how it's done:

I'm bringing telnet back
Them other boys don't know how to hack
I can get right into your server rack
And you won't find me 'cuz I'm proxied back
Take 'em to the bridge
[Bridge]
N00b named Dave
You see this process
I make it my slave
It doesn't matter how I misbehave
The fact is no one can stop me this day
Take em' to the chorus
[Chorus]
Come here PERL
Look at me pwn'in it
Fall for my hack
Look at me pwn'in it
telnetd
Look at me pwn'in it
Loot for me
Look at me pwn'in it
Let me see what ya workin' with
Look at me pwn'in it
Look at those disks
Look at me pwn'in it
They make me smile
Look at me pwn'in it
I take your files while
Look at me pwn'in it
I get my telnet on
Look at me pwn'in it
Get my telnet on
Look at me pwn'in it
[X6]
Get my telnet on
[Verse 2]
I'm bringing telnet back
Them other boys don't know how to hack
See how I doctor all the logs you track
Cause I won't let you know the fix you lack
Take em' to the bridge
[Bridge]
[Chorus]
[Verse 3]
I'm bringing telnet back
Them other boys watch while I attack
If that's your server better watch your back
Cause I will root your box and that's a fact
Take em' to the chorus
[Chorus]

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
1. Re:Step aside, amateur by Stenchwarrior · 2011-01-27 06:38 · Score: 1
  
  Some of us have to work. I don't have time for much more than a simple find and replace. No one's gonna mod either one of us up anyways, cause then they'd have to admit they know the song.
  
  --
  Loading...
Telnet vs. SSH by DocSavage64109 · 2011-01-27 06:16 · Score: 1

For local networks, does the difference between SSH and Telnet really matter?
The only difference is encryption. The attacker would still need the password, and with modern switches, it's impossible to steal the password without directly adding hardware somewhere along the chain of equipment directly between the two endpoints. (unless they've hacked your switch, i suppose)
I believe the real point of the article is that easy logons & passwords on Telnet are a significant security risk, especially on wifi accessible networks.
1. Re:Telnet vs. SSH by Anonymous Coward · 2011-01-27 06:40 · Score: 0
  
  Yes. Please Google:
  ARP Spoofing
  MAC Flooding
  MAC Duplicating
  Its trivial to sniff a plaintext password even in a switched lan.
2. Re:Telnet vs. SSH by Late+Adopter · 2011-01-27 08:07 · Score: 1
  
  You can't use passwordless public-key authentication on stock Telnet. Also the lack of X tunneling might be an issue if there's a firewall in the way.
3. Re:Telnet vs. SSH by Ash-Fox · 2011-01-27 09:47 · Score: 1
  
  You can't use passwordless public-key authentication on stock Telnet.
  NTLM actually makes it possible, which is on the stock telnet client in Windows since NT days.
  
  Also the lack of X tunneling might be an issue if there's a firewall in the way.
  In a *nix environment, you can open new telnet sessions and each session can be used to pipe data to/from a specific port on the remote machine, not really hard.
  
  --
  Change is certain; progress is not obligatory.
hey, wait a minute,..... by hesaigo999ca · 2011-01-27 08:36 · Score: 1

>A new report from Akamai Technologies (CT: Requires login)...
Would that be a telnet login , or ....
OpenBSD by Mana+Mana · 2011-01-27 10:26 · Score: 1

~We made openssh so that fucking legacy rash will die!~ --Theo deRaadt
Telnet = lower attack surface by Anonymous Coward · 2011-01-27 11:00 · Score: 0

I agree SSH is better than telnet and there is very little reason not to use it but I'm going to play devils advocate anyway.
There have been significant SSH specific remote expliot vulnerabilities in the past. Telnet has less moving parts - less to go wrong, less to attack.
Lets not forget SSH is only "secure" if you "assume" the initial leap of faith has not been compromised. If your connecting to a host for the first time via ssh or via telnet the only difference from a security perspective is the one you have incorrectly painted in your own mind.
1. Re:Telnet = lower attack surface by maxwell+demon · 2011-01-27 20:32 · Score: 1
  
  I agree SSH is better than telnet and there is very little reason not to use it but I'm going to play devils advocate anyway.
  There have been significant SSH specific remote expliot vulnerabilities in the past. Telnet has less moving parts - less to go wrong, less to attack.
  Lets not forget SSH is only "secure" if you "assume" the initial leap of faith has not been compromised. If your connecting to a host for the first time via ssh or via telnet the only difference from a security perspective is the one you have incorrectly painted in your own mind.
  No. If you connect to a host for the first time with telnet, your password goes through the network in clear, so all an attacker needs to get the password is a network sniffer. If you connect to a host for the first time with ssh, your password goes through the network encrypted, thus the only way for the attacker to get it is a man-in-the-middle attack. The latter is clearly more difficult (you have to alter something in the network, instead of just listen).
  You are right that when connecting for the first time, SSH doesn't protect you from a man-in-the-middle attack (unless you already know the SSH key fingerprint of the connected-to host and take the effort to manually check it before accepting the key). But that doesn't imply that on first connect, SSH had no security advantage over telnet. Just having the password (and the traffic!) encrypted is a big security advantage.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
Re:A tip for management (FTFY) by oobayly · 2011-01-27 11:31 · Score: 1

I decided to try this just in case somebody in Google was having a laugh. Pity.