Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Bringing Telnet Back

Posted by CmdrTaco on from the gopher-still-dead dept.

alphadogg writes "A new report from Akamai Technologies (CT: Requires login) shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks. The report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol used to log into remote servers but that has been gradually replaced by SSH."

12 of 238 comments (clear)

  1. People stopped using Telnet? by Raxxon · · Score: 4, Insightful

    I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

    1. Re:People stopped using Telnet? by Ephemeriis · · Score: 4, Insightful

      I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

      Sure, the telnet client is useful. I use it all the time for those very same reasons.

      But actually running a telnet server and allowing incoming connections on port 23? Nope. Stopped doing that for everything I could years ago, switched to SSH on everything that would support it. The things that wouldn't support it were all tucked away on our inside network. I've got nothing facing the world that'll accept connections on port 23.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    2. Re:People stopped using Telnet? by XorNand · · Score: 4, Insightful

      netcat ("nc" on most Linux distros) provides the same functionality. However, it's also more flexible in that it allows you to test UDP ports and you can easily set it up to listen for incoming connections on an arbitrary port. It's a great tool for troubleshooting firewall issues.

      --
      Entrepreneur : (noun), French for "unemployed"
  2. A tip for management by goodmanj · · Score: 5, Insightful

    If you manage your company or institution's IT department, please do the following:

    Step 1: Turn on "telnet" on your PC. (Of course you Windows, you're management, right?)
    Step 2: Try to "telnet" to your company's website, or to any other machine or service names your underlings bandy about.
    Step 3: If you don't see "Connection refused" every time, FIRE EVERYONE WHO REPORTS TO YOU.

  3. Misleading headline by antifoidulus · · Score: 4, Insightful

    Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"

    --
    Monstar L
  4. Hackers Bringing Telnet Back? by crow_t_robot · · Score: 5, Insightful

    How can hackers bring telnet attacks back if admins don't run telnet? Should the headline say "Admins are bringing telnet back and getting bitten in the ass for it?"

    1. Re:Hackers Bringing Telnet Back? by heathen_01 · · Score: 3, Insightful

      Its stretching credibility that admins won't know about telnet, but sure I can accept that. However I can't accept an admin missing that an unknown service is running and accepting connections on port 23 that the admin is oblivious about.

  5. Re:Good ole days by John+Hasler · · Score: 4, Insightful

    If telnet reminds you of when you were young you aren't old.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  6. Re:who still uses telnet? by Runaway1956 · · Score: 3, Insightful

    Right on target. I've witnessed many a clerk in a shipping/receiving department using telnet to connect to a server. Not just in-house, but often times across the country. People put those computers in place, and set up their systems 20 years ago, or more, and they aren't about to change. "Don't fix what ain't broke!"

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  7. Re:who still uses telnet? by Tanktalus · · Score: 3, Insightful

    That's not a good reason to use telnet. That's a good reason not to use Godaddy.

    (Using dreamhost.com here, and I use ssh and rsync-over-ssh to do all of that... I wonder if sshfs would work, I imagine it would.)

  8. Re:who still uses telnet? by SuricouRaven · · Score: 3, Insightful

    Would you like to drop the firewalls, then? Perimeter security isn't a complete security solution, but it's still a major part.

  9. They are forgetting something... by CoolVibe · · Score: 4, Insightful

    Seeing traffic on port 23 does not mean telnet is involved. I know some people who run their SSH daemon on that port to lessen the stupid ssh scans.