Slashdot Mirror


Hackers Bringing Telnet Back

alphadogg writes "A new report from Akamai Technologies (CT: Requires login) shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks. The report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol used to log into remote servers but that has been gradually replaced by SSH."


  1. who still uses telnet? by Anonymous Coward · · Score: 1

    who still uses telnet?

    1. Re:who still uses telnet? by SirGarlon · · Score: 3, Interesting

      I use telnet clients from time to time, in the lab. You can use it to connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    2. Re:who still uses telnet? by nharmon · · Score: 1

      People who don't know how to set up SSH.

    3. Re:who still uses telnet? by maotx · · Score: 5, Informative

      I do whenever I need my Star Wars Fix. Just telnet to towel.blinkenlights.nl.

      --
      I'm a virgo and on Slashdot. Coincidence? Yes.
    4. Re:who still uses telnet? by AaxelB · · Score: 2

      The only ones I'm aware of are those who play Nethack (or its variants) on a server like nethack.alt.org :)

    5. Re:who still uses telnet? by Anonymous Coward · · Score: 1, Interesting

      You obviously don't work in a large enterprise that insists on using broken terminals that only do telnet. It's kinda like ftp. You want to get rid of it, but there are always some assholes who continue to use broken clients.

      I have to post this anonymously for the safety of my job.

    6. Re:who still uses telnet? by Skywings · · Score: 1

      I wouldn't have imagined that in this day and age there would be many servers out there still with an active telnet service, but I do know of a few ADSL modems out there and the odd network attached device. If you run a server and you leave your servers wide open you are asking for trouble. I've learned my lessons the hard way as I blundered my way into setting up my own LAMP based webserver and leaving openings wider than the Grand Canyon. When you're 15, a little knowledge can be dangerous. To cut a long story short, a lot of data was lost and a lot of time was wasted getting things back up and running. Dumb things I did included opening up telnet to the world, trivial passwords, same passwords used everywhere and allowing root to login from telnet.

    7. Re:who still uses telnet? by peragrin · · Score: 3, Informative

      SSH isn't always an available option.

      At work our primary application is a telnet app that logs into a specific server. Of course we aren't stupid enough not to use VPNs, and packet filtering to go outside the network (or back in). We tried to upgrade to a more secure connection but found the clients to be lacking about 1/2 the features found in the simple telnet client. We were told some of those features might be in the next release or two in three - five years.

      Since businesses get locked into vendor lock-in pretty hard it is very tough to move out. You get stuck doing things insecurely or working around bad security because upgrading isn't possible without millions of dollars being spent uselessly (paying a vendor to bring their applications up to the year 2000 standards).

      I know of one company that used Win16 subsystem as a vital part of their application up until last year. They refused to upgrade it because it worked, even though installing the application on Windows XP often required rebooting into safe mode to bypass enough security to let it install. This Application was the only way to work with their product line too with quarterly updates to the data it contained. Oh and you have to upgrade the entire application in order to update the data inside.

      It is those kinds of practices that make obsolete tech like telnet still exist.

      --
      i thought once I was found, but it was only a dream.
    8. Re:who still uses telnet? by Chapter80 · · Score: 2

      I use telnet clients from time to time, in the lab. You can use it to connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.

      Telnet to other ports is a GREAT way to learn how protocols work.

      Here are some exercises: From a DOS prompt, try:

      C:> telnet www.google.com 80
      GET

      GET won't be echoed, but you can see the retrieval of a web page. You can try all commands that are part of the HTTP protocol, including the exchange of cookies, posting data, etc.

      Or try telnet-ing into a pop server.

    9. Re:who still uses telnet? by zigurat667 · · Score: 1

      Thanks for sharing! That really is a viable excuse for using telnet.

    10. Re:who still uses telnet? by hydrofix · · Score: 3, Informative

      You might have better success with even a semi-valid HTTP/1.1 request such as

      GET / HTTP/1.1
      Host: www.google.com

      Also, using telnet here is redundant. You should consider using one of the several netcats available. Some even support nice features like SSL encryption, so you can make encrypted requests to the https port (443).

    11. Re:who still uses telnet? by morgan_greywolf · · Score: 2

      In addition, a lot of switches and other network equipment still don't have SSH. Even switches only a couple of years old.

    12. Re:who still uses telnet? by Lumpy · · Score: 2

      Godaddy.com

      ALL of their hosting has telnet and open FTP you have to specially request SSH and SFTP.

      --
      Do not look at laser with remaining good eye.
    13. Re:who still uses telnet? by bball99 · · Score: 1

      but hey, it's fun to watch on a honeypot under emulation! :-)

    14. Re:who still uses telnet? by 0123456 · · Score: 1

      My webcam used to have the telnet port open and would drop you straight into a root shell if you connected to it (no password required). Fortunately the new firmware fixed that.

    15. Re:who still uses telnet? by Onuma · · Score: 2

      I have to post this anonymously for the safety of my job.

      If you're worried about potentially losing your job over that type of comment, then I hope you're not posting this from work ...

      --
      What else can happen when an unstoppable force collides with an immovable object?
    16. Re:who still uses telnet? by Runaway1956 · · Score: 3, Insightful

      Right on target. I've witnessed many a clerk in a shipping/receiving department using telnet to connect to a server. Not just in-house, but often times across the country. People put those computers in place, and set up their systems 20 years ago, or more, and they aren't about to change. "Don't fix what ain't broke!"

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    17. Re:who still uses telnet? by zach_the_lizard · · Score: 3, Interesting

      This is the case with certain Cisco IOS versions. It has to be a crypto version of IOS to support SSH.

      --
      SSC
    18. Re:who still uses telnet? by hesiod · · Score: 1

      I know it's not always a realistic option because of politics or policy, but if your switches can't do SSH, I suggest you change brands.

    19. Re:who still uses telnet? by MrVictor · · Score: 2

      Just a nitpick but that HTTP request is still invalid.

      GET / HTTP\1.1 Host: www.google.com

    20. Re:who still uses telnet? by Tanktalus · · Score: 1

      "Don't fix what ain't broke!"

      The problem is often that they don't realise it's "broke (sic)". That is often the issue. When you bring in a physical item in more pieces than it's supposed to be, that's easy to tell that it's broken. When it's a stream of digital pulses, not so easy, unless your target is technologically aware, and not always even then. I still have problems convincing otherwise smart people to use placeholders in their SQL instead of concatenation.

    21. Re:who still uses telnet? by thePowerOfGrayskull · · Score: 1

      Telnet clients are useful, especially for testing out text based protocols.

      Telnet on the server... well, I run it sandboxed to my LAN for testing BBSSH, but that's about it. However, it's probably safe to say that there are a lot of legacy devices (not just servers) which do provide access via telnet.

    22. Re:who still uses telnet? by Tanktalus · · Score: 3, Insightful

      That's not a good reason to use telnet. That's a good reason not to use Godaddy.

      (Using dreamhost.com here, and I use ssh and rsync-over-ssh to do all of that... I wonder if sshfs would work, I imagine it would.)

    23. Re:who still uses telnet? by arose · · Score: 1

      A couple years old? Who made that buying decision?

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    24. Re:who still uses telnet? by Yvanhoe · · Score: 2

      We were told some of those features might be in the next release or two in three - five years.

      I may sound like a preacher, but that is exactly why you want to use open source software in as many aspects of your company as possible: to develop the features you lack at a given point without depending on a dozen third parties who can't agree with each other. I know you probably aren't the one making the decision, but that is a point to regularly make: "if you had used the open alternative, we could have added this feature. Now we can't and need to wait for another company's goodwill".

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    25. Re:who still uses telnet? by medv4380 · · Score: 1

      My modem has telnet remote access if it's turned on, and way back the Cisco 675 had it as well, and someone could attack it and get in if the owner never turned telnet on, so I would suspect they may be hitting devices that have telnet that the user hasn't locked out yet.

    26. Re:who still uses telnet? by hydrofix · · Score: 1

      You don't have to nitpick because you are wrong.

    27. Re:who still uses telnet? by sglewis100 · · Score: 1

      I know it's not always a realistic option because of politics or policy, but if your switches can't do SSH, I suggest you change brands.

      Why? Heck, in some small companies even telnet is too sophisticated. Not everyone needs managed switches. My house lives without 'em.

    28. Re:who still uses telnet? by hardburn · · Score: 1

      It's about the only way to config some old office laser printers.

      --
      Not a typewriter
    29. Re:who still uses telnet? by Bert64 · · Score: 1

      The telnet *client* is extremely useful to talk raw protocol to a service, very good for debugging etc...

      Running a telnet service on the other hand, is sadly still very common... Lots of networking equipment these days still only has telnet and no ssh support... Even where SSH support is available, sometimes only telnet is enabled by default, sometimes ssh costs extra etc... And there are plenty of people who are used to using telnet and won't consider anything else regardless of what benefits it might provide.

      Also, windows still only comes with a telnet client, probably the last os that doesn't include ssh by default - which also makes ssh more troublesome to use from some random workstation.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    30. Re:who still uses telnet? by peragrin · · Score: 1, Troll

      Let's see spend $100,000 every 20 years to upgrade the software or spend $50,000 a year to pay someone to do it in house, and still get a vendor locked in solution, but only now you are the vendor.

      --
      i thought once I was found, but it was only a dream.
    31. Re:who still uses telnet? by fishbowl · · Score: 1

      No doubt someone they hired after dropping a thousand resumes of qualified applicants on the floor.

      --
      -fb Everything not expressly forbidden is now mandatory.
    32. Re:who still uses telnet? by mlts · · Score: 2

      I had to deal with a similar setup a few years ago. What I did was put them on their own Ethernet segment that was completely isolated from everything but one machine. Even the subnet had a separate hardware switch so there was no way (other than physical access or compromise of the telnet server) that the unencrypted traffic could be intercepted. This machine was what people telnetted into, then ssh-ed out from to do work. This way, the only real weak link were the paths from the terminals to the switch, and the switch to the telnet server.

      Of course, this may not be possible in all environments, but putting a box that is just used for telnetting into and either directly connecting terminals to that box via crossover cables, or using a good switch may help mitigate things.

    33. Re:who still uses telnet? by SuricouRaven · · Score: 3, Insightful

      Would you like to drop the firewalls, then? Perimeter security isn't a complete security solution, but it's still a major part.

    34. Re:who still uses telnet? by blacklint · · Score: 2

      Maybe he means "safety of my job" as in "so no one knows to telnet into our horribly insecure systems"?
      In which case, being anonymous would seem like a good idea :)

    35. Re:who still uses telnet? by Bert64 · · Score: 1

      What's wrong with telnet as a client?
      Netcat implementations often don't indicate whether a TCP connection has been established or not (or require extra parameters), which is why I generally use telnet for such things. Also telnet is present on virtually any OS and most other network devices, netcat not so much.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    36. Re:who still uses telnet? by ThatMegathronDude · · Score: 3, Informative

      There are laws controlling the export and import of encryption technology in many countries. These laws restrict the sale and use of SSH; therefore, you have to differentiate your products if you want to sell in certain markets.

    37. Re:who still uses telnet? by Tetsujin · · Score: 1

      who still uses telnet?

      Hackers! Didn't you read the summary?

      --
      Bow-ties are cool.
    38. Re:who still uses telnet? by jonwil · · Score: 1

      In some cases there may be a company-wide ban on the use of encryption and in particular encryption that leaves the company network (it may sound stupid but I HAVE seen it before). So Telnet is the only approved way to access servers and things (especially stuff outside the normal company network such as machines hosted in a colo or something)

    39. Re:who still uses telnet? by Kosi · · Score: 1

      I have to post this anonymously for the safety of my job.

      Or you could have written "change-resistant people" instead of "assholes". :-)

      It wouldn't matter if these idiots weren't way too often in a position where they are able to push their stupidities through, sometimes even when it's against company policy.

    40. Re:who still uses telnet? by arose · · Score: 1

      Dropping firewalls because perimeter security is insufficient is like dropping authentication for remote access altogether because telnet is easily sniffed. In short, you misread me.

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    41. Re:who still uses telnet? by dov_0 · · Score: 1

      I use telnet for configuring my routers. That's about it. For my server I use SSH.

      --
      sudo mount --milk --sugar /cup/tea /mouth /etc/init.d/relax start
    42. Re:who still uses telnet? by hubie · · Score: 2

      Yeah, but dreamhost doesn't run commercials suggesting that Danica Patrick will take her top off for you.

    43. Re:who still uses telnet? by cbiltcliffe · · Score: 1

      Let's see spend $100,000 every 20 years to upgrade the software

      You're an idiot.

      $500,000 every 5 years, maybe. Then there's all the consulting and troubleshooting costs to get some antiquated piece of crap that was released last year to run on a 5 year old OS which is way more advanced than that application is capable of running on.

      You've obviously never dealt with niche market enterprise level software.....

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    44. Re:who still uses telnet? by mldi · · Score: 1

      I really don't see what the problem is with telnet. If it works, use it.

      --
      If you aren't suspicious of your government's actions, you aren't doing your job as a responsible citizen.
    45. Re:who still uses telnet? by Celestialwolf · · Score: 1

      I do webhosting support, and constantly use telnet to make sure a given server is listening on various ports (21, 22, 110, 587, etc.) .

  2. In other news by mvar · · Score: 1, Offtopic

    Number of incompetent administrators who still use the telnet protocol rises. More at 11

    1. Re:In other news by TheRaven64 · · Score: 1

      Does it even count as hacking? Running a telnet service should count as granting random people authorised access.

      --
      I am TheRaven on Soylent News
    2. Re:In other news by Rob+Kaper · · Score: 2

      Does it even count as hacking? Running a telnet service should count as granting random people authorised access.

      No more than running an FTP, SMTP, POP, IMAP or HTTP service without proper SSL/TLS/digest enhancements. All of them still industry standards, even the bare versions. But that's okay, the more ICT incompetence on this planet the more money I/we can make, right?

    3. Re:In other news by CastrTroy · · Score: 2

      Well, to be a little more precise, FTP, SMTP, POP and IMAP don't give you command line (root) access to the computer you happen to get access to. If you break into an FTP Server, you only have access to the files that are put up on the FTP directories of that server. And possibly the right to upload new files. Which is a little less of a problem than having root access to the entire server. Same goes for all the other services you mention. I will have to give you this. I don't think Telnet is really that bad of a thing overall. If it has a properly secure password on it that is changed often enough, it really isn't that much less secure than SSH. Sure there's the whole MITM attack vector, but that's way too complicated considering the number of easy to attack machines there are out there.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    4. Re:In other news by multisync · · Score: 2

      Does it even count as hacking?

      No.

      I saw the headline, and thought the story was about hackers finding some new and novel use for telnet. You know, hacking.

      But it's just another article about infected Windows machines using brute force attacks on port 445 and - apparently - 23. You know, "hacking."

      Here's my favorite part:

      Administrators are generally advised to disable Telnet if the protocol is not used to prevent attacks targeting it, but some forget.

      As Steve Martin once said, "I'm sorry officer, I forgot armed robbery was illegal."

      --
      I don't care why you're posting AC
    5. Re:In other news by Rob+Kaper · · Score: 1

      The telnet protocol itself doesn't give you access either, that all depends on what kind of shell (if any) and privileges (if any) you attach to it.

      The reason why I mentioned the other protocols is that access to the files and data available through those can be harmful enough to an organisation. Potentially more harmful than user privileges on a server with resource limits and no exploitable software installed.

    6. Re:In other news by vasqzr · · Score: 1

      Being able to upload a file via FTP might be all you need to run an exploit and get root access. Or download the password file. Maybe get the password by sniffing an FTP session that is also used in another part of the system.

    7. Re:In other news by Bert64 · · Score: 1

      Telnet, FTP, POP and IMAP will give someone sniffing the network access to the user and password you are using to connect to the service...

      Whether that is a root login or some other user is by the by. Someone could easily be using their root password via FTP and that would be just as dangerous as doing it over Telnet.

      Of course it all depends on what the service is used for, a telnet service doesn't have to require authentication or provide a shell. It might simply provide a screen full of information, or an ASCII version of Star Wars.. Similarly, unencrypted HTTP is perfectly fine for anonymous distribution of information.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    8. Re:In other news by mvar · · Score: 1

      If it has a properly secure password on it that is changed often enough, it really isn't that much less secure than SSH.

      Except that your password is sent in clear-text over Telnet.

    9. Re:In other news by maxwell+demon · · Score: 1

      The admins are not the hackers (exceptions surely exist). It's more like: "Oh, yes, it would have been a good idea to close the door of the safe. Too bad the thieves found out it was open ..."

      --
      The Tao of math: The numbers you can count are not the real numbers.
    10. Re:In other news by CastrTroy · · Score: 1

      But like I said. The MITM attack is hard. The difficulty in catching the password as it travels over the network is eclipsed when compared to the fact that there's probably an equally tempting SSH machine sitting behind the password "123456". Why bother with the complexities of performing a MITM attack when you can just depend on clueless users to supply you with an easy to compromise machine.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  3. Re:What's the problem? by dkleinsc · · Score: 3

    Right, but when you type hunter2, we just see *******.

    On another note, anybody who is not currently blocking access to port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  4. People stopped using Telnet? by Raxxon · · Score: 4, Insightful

    I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the presence of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

    1. Re:People stopped using Telnet? by Notquitecajun · · Score: 5, Funny

      You play a MUD still, too. Admit it.

    2. Re:People stopped using Telnet? by omglolbah · · Score: 3, Interesting

      Lensmoor.org port 3500

      Shameless plug. Fun place to hang ;)

    3. Re:People stopped using Telnet? by mvar · · Score: 2

      Yes the telnet client is really useful, but it's the server that has some..uhm.."issues".

    4. Re:People stopped using Telnet? by Ephemeriis · · Score: 4, Insightful

      I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the presence of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

      Sure, the telnet client is useful. I use it all the time for those very same reasons.

      But actually running a telnet server and allowing incoming connections on port 23? Nope. Stopped doing that for everything I could years ago, switched to SSH on everything that would support it. The things that wouldn't support it were all tucked away on our inside network. I've got nothing facing the world that'll accept connections on port 23.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    5. Re:People stopped using Telnet? by SuricouRaven · · Score: 2

      muck.furry.com 8888

    6. Re:People stopped using Telnet? by vagabond_gr · · Score: 5, Funny

      I'm using telnet for ssh too. Doing RSA in your head is a bit tricky at first, but once you get used to it it's really convenient.

      PS. For a real challenge try to PPP authenticate over dial-up using your voice.

    7. Re:People stopped using Telnet? by SuricouRaven · · Score: 2

      Also spr.ctrl-c.liu.se 23. Lots of geeky types there.

    8. Re:People stopped using Telnet? by afallowhorizon · · Score: 1

      Hey there Xanter ;)

    9. Re:People stopped using Telnet? by LordLimecat · · Score: 4, Informative

      So you mean telnet the program, not telnet the protocol-- what the article was about?

    10. Re:People stopped using Telnet? by lahvak · · Score: 1

      The things that wouldn't support it were all tucked away on our inside network

      I didn't read the article, but I wonder if this is exactly what it is about. The summary mentioned the use of mobile devices. I wonder if it goes like this: bring a phone to a building, manage to connect to a poorly secured wireless network, find a device that has port 23 open, ..., profit!

      Of course, if you can get to it from the wireless network, it is not really safely tucked away.

      --
      AccountKiller
    11. Re:People stopped using Telnet? by enec · · Score: 3, Funny

      That's easy play. I surf the web by licking the ethernet cable.

      --
      I'm sorry, I only accept criticism in the form of sed expressions.
    12. Re:People stopped using Telnet? by jhesse · · Score: 1

      bbs.iscabbs.com

      --
      "I have also mastered pomposity, even if I do say so myself." -Kryten
    13. Re:People stopped using Telnet? by XorNand · · Score: 4, Insightful

      netcat ("nc" on most Linux distros) provides the same functionality. However, it's also more flexible in that it allows you to test UDP ports and you can easily set it up to listen for incoming connections on an arbitrary port. It's a great tool for troubleshooting firewall issues.

      --
      Entrepreneur : (noun), French for "unemployed"
    14. Re:People stopped using Telnet? by Tolleman · · Score: 1

      Who doesn't? These modern MMORPG games are just MUDs for the dyslexic.

    15. Re:People stopped using Telnet? by annodomini · · Score: 2

      You might want to look into using Netcat (or socat) for this purpose; more flexible if you want to pipe the output through something like grep or tee, and it won't mistakenly try to interpret certain characters according to the Telnet protocol.

    16. Re:People stopped using Telnet? by Dunbal · · Score: 1

      Ahh but can you whistle 300 baud?

      --
      Seven puppies were harmed during the making of this post.
    17. Re:People stopped using Telnet? by MacGyver2210 · · Score: 1

      moo.sindome.org:5555

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
    18. Re:People stopped using Telnet? by TheRaven64 · · Score: 2

      Telnet is fine for testing whether a port is open, but most of the time you want to use SSL. openssl s_client -connect is roughly equivalent to telnet, but also does the TLS handshake for you.

      --
      I am TheRaven on Soylent News
    19. Re:People stopped using Telnet? by The+Moof · · Score: 1

      Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors

      If you're testing user accounts, or logging into your POP3 box to check those mail headers, you may want to consider not using the telnet client anymore. You're potentially compromising any accounts you log into the same as you would with telnet accounts. Your server should be configured to use TLS/SSL for clients, and you can debug them telnet-style with the s_client (in the OpenSSL suite).

    20. Re:People stopped using Telnet? by jayme0227 · · Score: 1

      revengeofthejedi.com port 9400

      Ok, so I haven't played it in a few months, but I always seem to return.

      --
      But then I realized the cable was blue, so I only gave it one star. I hate blue.
    21. Re:People stopped using Telnet? by Jon+Stone · · Score: 1

      Simple 3-way handshake and boom, datastream.

      Then you're not using the telnet protocol. Telnet does a certain amount of negotiation at connection to pass through environment variables and the like to the server. Most clients automatically skip this if the server port is not 23.

    22. Re:People stopped using Telnet? by DavidTC · · Score: 1

      Ah, but some of those now support SSL connections.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    23. Re:People stopped using Telnet? by Securityemo · · Score: 1

      You might want to look into Nmap's scripting features if you have the time. It's designed to implement exactly that kind of stuff.

      --
      Emotions! In your brain!
    24. Re:People stopped using Telnet? by 1s44c · · Score: 1

      I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the presence of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

      But you don't use it to telnet to port 23 and login to a system with a username and password. That appears to be what this story is about.

      Yes, the telnet binary is still very useful, just not for carrying passwords through public networks.

    25. Re:People stopped using Telnet? by rickb928 · · Score: 1

      Yes, and my level 283 Ninja is a lot more fun than your level 546 Scavi. Deal with it.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    26. Re:People stopped using Telnet? by Archangel+Michael · · Score: 1

      If you allow unknown machines on your wireless in your office, you're not properly secure. We have unsecured wireless in our offices, but they are all on a VLAN that can only go out to the iNet. No corporate networks are accessible. And if you need more security than that, multiple firewalls and DMZs and Intrusion Detection Systems.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    27. Re:People stopped using Telnet? by Carewolf · · Score: 1

      When bring a wire and connected to your wired network. If you can have a security breach simply by someone being on the same network you have security problem.. Ohh. look: Your manager just downloaded a trojan he thought was porn == hacked.

    28. Re:People stopped using Telnet? by SuricouRaven · · Score: 1

      Which makes Second Life a MUCK for the dyslexic. And those of short attention span.

    29. Re:People stopped using Telnet? by ZorinLynx · · Score: 1

      furry.com 8888

      Since 1995! Some things never change. :)

      (though in reality these days the TinyMUCK server supports SSL and I definitely use it)

    30. Re:People stopped using Telnet? by trollertron3000 · · Score: 2

      Of course I can. I got a captain crunch whistle embedded in my larynx.

      --
      Tiger Blooded Bi-Winning Machine
    31. Re:People stopped using Telnet? by StikyPad · · Score: 1

      PAP, CHAP, or EAP?

    32. Re:People stopped using Telnet? by ZorinLynx · · Score: 1

      Meow. :) Long time no see!

    33. Re:People stopped using Telnet? by mattrwilliams · · Score: 1

      Simple 3-way handshake and boom, datastream.

      Actually, that isn't quite true.

      After the TCP handshake, Telnet will negotiate options related to the session (see the command structure defined in RFC 854). These are done with high byte values (240 through 255) and control things like local echo. If the service you are talking to doesn't correctly ignore these sequences, then they can corrupt the data stream.

      netcat is generally a better choice for connecting to generic services that use ASCII command sets.

      --
      The generation of random numbers is too important to leave to chance
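
The option negotiation described in the comment above, as an added example that is not part of the original thread: a parser that separates RFC 854 command sequences (introduced by byte 255, IAC) from payload, handles sequences cut off at a chunk boundary, and builds the replies of a minimal client that declines every option. The sample bytes and function names are constructed for illustration.

```python
"""Added example: separate Telnet negotiation (RFC 854) from payload bytes."""

IAC = 255                                  # "Interpret As Command" escape byte
SE, SB = 240, 250                          # subnegotiation end / begin
WILL, WONT, DO, DONT = 251, 252, 253, 254  # option negotiation verbs
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}


def find_se(buf: bytes, start: int) -> int:
    """Index of the IAC that opens the closing IAC SE, or -1 if not received yet."""
    j = start
    while j + 1 < len(buf):
        if buf[j] == IAC:
            if buf[j + 1] == SE:
                return j
            j += 2                         # skip the pair (IAC IAC is an escaped 255)
        else:
            j += 1
    return -1


def split_telnet_stream(buf: bytes):
    """Return (payload, events, leftover).

    payload  - application data with every IAC sequence removed
    events   - tuples describing the negotiation that was seen
    leftover - bytes of an incomplete trailing sequence, to be prepended
               to the next chunk read from the socket
    """
    payload, events = bytearray(), []
    i, n = 0, len(buf)
    while i < n:
        if buf[i] != IAC:
            payload.append(buf[i])
            i += 1
            continue
        if i + 1 >= n:                     # lone IAC at the end of the chunk
            return bytes(payload), events, buf[i:]
        cmd = buf[i + 1]
        if cmd == IAC:                     # IAC IAC carries a literal data byte 255
            payload.append(IAC)
            i += 2
        elif cmd in VERBS:                 # IAC <verb> <option>
            if i + 2 >= n:
                return bytes(payload), events, buf[i:]
            events.append((VERBS[cmd], buf[i + 2]))
            i += 3
        elif cmd == SB:                    # IAC SB <option> <data...> IAC SE
            end = find_se(buf, i + 3)
            if end < 0:
                return bytes(payload), events, buf[i:]
            body = buf[i + 3:end].replace(bytes([IAC, IAC]), bytes([IAC]))
            events.append(("SB", buf[i + 2], body))
            i = end + 2
        else:                              # any other two-byte command, e.g. NOP (241)
            events.append(("CMD", cmd))
            i += 2
    return bytes(payload), events, b""


def refuse_all(events) -> bytes:
    """Replies of a minimal client: answer DO with WONT and WILL with DONT."""
    reply = bytearray()
    for ev in events:
        if ev[0] == "DO":
            reply += bytes([IAC, WONT, ev[1]])
        elif ev[0] == "WILL":
            reply += bytes([IAC, DONT, ev[1]])
    return bytes(reply)


# Constructed sample of what a Telnet daemon might send first:
# WILL ECHO(1), WILL SUPPRESS-GO-AHEAD(3), DO TERMINAL-TYPE(24),
# a TERMINAL-TYPE subnegotiation, a prompt, an escaped 255, and a
# DO that is cut off by the end of the chunk.
SAMPLE = (bytes([IAC, WILL, 1, IAC, WILL, 3, IAC, DO, 24])
          + bytes([IAC, SB, 24, 1, IAC, SE])
          + b"login: " + bytes([IAC, IAC])
          + bytes([IAC, DO]))

if __name__ == "__main__":
    data, seen, rest = split_telnet_stream(SAMPLE)
    print("payload :", data)
    print("events  :", seen)
    print("leftover:", rest)
    print("reply   :", refuse_all(seen))
```

A service that does not run this kind of filter treats all of those bytes as input, which is the stream corruption the comment warns about.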
    34. Re:People stopped using Telnet? by Pharmboy · · Score: 1

      The telnet server doesn't have issues. If all you need is a completely insecure way to connect to a machine, you can't beat telnet. It has been around forever, every OS has a client, completely open standard, and it is very fast and easy to use. Even better than ssh.

      If you are foolish enough to setup a telnet server that faces the INTERNET, well then, the problem isn't the daemon, it is the administrator. Point being that there are still some uses where telnet might be appropriate and perfectly functional, as long as the boxen are facing in, and not out toward the real world.

      --
      Tequila: It's not just for breakfast anymore!
    35. Re:People stopped using Telnet? by severoon · · Score: 1

      I'm bringing telnet back (what?)
      them other hackers dunno how to act (what?)
      i got fat pipe so i tcp ack (what?)
      i rock a botnet, you best watch your back (packets thru the bridge!)

      --
      but have you considered the following argument: shut up.
    36. Re:People stopped using Telnet? by yyttrrre · · Score: 1

      For an added bonus try POE.

    37. Re:People stopped using Telnet? by Hawke666 · · Score: 1

      Netcat is not the same as netstat. However, netcat does have the disadvantage of not being nearly so ubiquitous.

    38. Re:People stopped using Telnet? by Menkhaf · · Score: 1

      ...or watch Star Wars...

      towel.blinkenlights.nl 23

      --
      A proud member of the Onion-in-Hand alliance
    39. Re:People stopped using Telnet? by nblender · · Score: 2

      You joke... When I was a kid, my 300 baud acoustic coupler had a little lever you had to lift up and pivot to simultaneously clamp down the handset and if you lifted it further, it would initiate outgoing carrier instead of listening for carrier... The contacts on the second level were trashed by some previous knucklehead so if you were trying to initiate a dialup session with someone calling you (a friend to trade some Apple-][ warez), I couldn't get my coupler to initiate... So I had to figure out how to whistle the 300baud carrier to get the other modem to start.. Then I could clamp down my handset and start xmodem... Get off my lawn.

    40. Re:People stopped using Telnet? by Archangel+Michael · · Score: 1

      Not if you run your network like I do.

      Ports are OFF until I know what is being plugged into them. Then I can apply the right VLAN to them and keep the systems safe that need to be safe.

      And if your boss is running PORN and getting Trojans, then you put him on his own VLAN where it cannot hurt you, and you use Citrix client to give him access to protected systems to keep him isolated.

      The cost of protecting the network is only thing preventing people from doing it. In many cases, the cost isn't worth it, until it is too late. And that is why it is called "too late"

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    41. Re:People stopped using Telnet? by rahvin112 · · Score: 1

      I on the other hand have no port 22 active and all my SSH services operate on port 23. Exploitation scripts then need the intelligence to recognize a SSH response on the telnet port.

      Probably doesn't filter very many attacks but it's just that little extra bit to confuse the idiots.

    42. Re:People stopped using Telnet? by EvilBudMan · · Score: 1

      Nope it's useful inter office but gets firewalled otherwise. I wonder if the libraries still use it?

    43. Re:People stopped using Telnet? by danlock4 · · Score: 1

      I think goatse.cx would only cause musings of blackhole routers to dance in one's head.

      --
      To .sig or not to .sig, that is the question.
    44. Re:People stopped using Telnet? by Onymous+Coward · · Score: 1

      Sh! (Meaning, be quiet!)

    45. Re:People stopped using Telnet? by oobayly · · Score: 1

      Have you tried using Telnet on Vista or Win7? For some insane reason MS decided not to install it in the default distribution:

      As time has passed, fewer users use telnet. Thus, to decrease the foot print as well as the attack surface, we decided to make it an optional component.

      The server was never (as far as I can recall) enabled by default on Windows, and the client's footprint is fairly negligible compared to that of the OS. It also takes bloody ages to install for some reason, it's far quicker to download putty.exe on Vista/Win7 and use that instead.
      I now keep a USB drive on me containing Wireshark, Process Explorer, TCPView & PuTTY, so I can actually get things done

    46. Re:People stopped using Telnet? by Pharmboy · · Score: 1

      I haven't tried using the stock telnet client until just now. I use Putty on winboxes anyway, but it is pretty stupid to delete the telnet client in the OS. MS has a habit of deleting features that are handy. Like their cardfile.exe from Win3.1 that got dropped in 95, etc., as well as NOT providing symbolic links/shortcuts for old programs that have been superseded.

      --
      Tequila: It's not just for breakfast anymore!
    47. Re:People stopped using Telnet? by XCondE · · Score: 1

      I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the presence of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

      You use a telnet application/client; you might as well have been using netcat or any other TCP client. I doubt many people still have telnet servers running (emphasis on many).

    48. Re:People stopped using Telnet? by nametaken · · Score: 1

      Holy crap, Cap'n Crunch posts on slashdot?

    49. Re:People stopped using Telnet? by tom17 · · Score: 1

      DOH! Misread that. Not used netcat before. I think now that it's been mentioned to me before but I read it as netstat lol. oops.

      But yeah, it's not ubiquitous... it's not on our Solaris or aix boxes. Telnet client still wins :)

    50. Re:People stopped using Telnet? by Lord_Byron · · Score: 1

      There are other ways to do that: http://netcat.sourceforge.net/

      That said, as long as the telnet client is already installed, I see your point.

  5. A tip for management by goodmanj · · Score: 5, Insightful

    If you manage your company or institution's IT department, please do the following:

    Step 1: Turn on "telnet" on your PC. (Of course you use Windows, you're management, right?)
    Step 2: Try to "telnet" to your company's website, or to any other machine or service names your underlings bandy about.
    Step 3: If you don't see "Connection refused" every time, FIRE EVERYONE WHO REPORTS TO YOU.

    1. Re:A tip for management by Ephemeriis · · Score: 1

      One of the things that makes a telnet client so handy is that it'll take a datastream from just about anything. It's great for troubleshooting SMTP servers and things like that.

      The point that the parent was trying to make is that there is absolutely no reason you should be running a telnet server on any public-facing server.

      Telnet itself answers on port 23. You could use a telnet connection to port 80 to maybe do some troubleshooting or something... But if you just try to telnet into your company website on the default port (23) and you get a login prompt, somebody is doing something wrong.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    2. Re:A tip for management by ediron2 · · Score: 1

      Try typing 'Global Thermonuclear War' instead of 'hello'.

    3. Re:A tip for management by dr2chase · · Score: 4, Funny

      I think it would be ok if it said, "Hello, I am Eliza."

    4. Re:A tip for management by Skater · · Score: 2

      Unfortunately I use a software package that requires telnet. Their SSH solution is basically unusable, and it's not feasible to switch away from that package. Pretty annoying, actually, because every new server is set up with telnet disabled (naturally), and we have to get it re-enabled, and they always put it on a random port number.

    5. Re:A tip for management by goodmanj · · Score: 2

      "websites run on port 80, right?)"

      If you know this, you are not an IT manager. Nice try!

    6. Re:A tip for management by hedwards · · Score: 2

      I take it that tunneling the telnet session via SSH isn't a reasonable option. Telnet at this point is antiquated and anybody that's providing software that requires it needs to be barred from the industry. It hasn't been a reasonable option in my memory, and it wasn't a reasonable option for quite some time when I started picking up FreeBSD in '99 or so.

    7. Re:A tip for management by zach_the_lizard · · Score: 1

      telnet google.com 80
      Trying 72.14.204.104...
      Connected to google.com.
      Escape character is '^]'.
      Global Thermonuclear War

      HTTP/1.0 400 Bad Request
      Content-Type: text/html; charset=UTF-8
      Content-Length: 1350
      Date: Thu, 27 Jan 2011 14:58:35 GMT
      Server: GFE/2.0

      But I just wanted to play a game!

      --
      SSC
    8. Re:A tip for management by vegiVamp · · Score: 1

      Sooo... port forwarding over SSH ?

      --
      What a depressingly stupid machine.
    9. Re:A tip for management by dr2chase · · Score: 1

      Tunnelling is a fabulous suggestion, but it's not intuitively obvious (I figure it out when I need it, and retain the info just long enough to get the shell script working). If you can provide the incantation, that would be very helpful.

    10. Re:A tip for management by PPH · · Score: 1

      So, how many of you have PHBs that will try telnet to port 80 and run in in a panic about why telnet is enabled on their system and it's a security hole and how you've all got to drop everything and fix it right now?

      --
      Have gnu, will travel.
    11. Re:A tip for management by marcosdumay · · Score: 2

      And how do you feel about GET / HTTP/1.1?

    12. Re:A tip for management by Bengie · · Score: 1

      VPN and firewall rules should be a decent bandaid to protect telnet servers from outside connections. But "off like a bandaid" applies better to telnet.. gut it.

    13. Re:A tip for management by Culture20 · · Score: 1

      Tunnelling is a fabulous suggestion, but it's not intuitively obvious (I figure it out when I need it, and retain the info just long enough to get the shell script working). If you can provide the incantation, that would be very helpful.

      Yeah, this is a problem. I can set up a tunnel easily because I do it every day, but explaining to my users how to use an ssh tunnel to connect to a firewalled port that their nonsecure webapp runs on is brutal. I send them an email explaining it, then do it for them, then resend them the email explaining it because they deleted the email. Show them that yes, the webapp is now pretending to be on localhost port foo now, so use the browser to access port foo. Rinse, repeat.

    14. Re:A tip for management by Have+Brain+Will+Rent · · Score: 1

      That's a bit harsh on his secretary, don't you think?

      --
      The tyrant will always find a pretext for his tyranny - Aesop
    15. Re:A tip for management by Mr.+Foogle · · Score: 1

      When I send my boss an estimate for replacing every single ancient Axis print server that does not support SSH .. he might change his mind about wholesale firing.

      --
      Display some adaptability.
    16. Re:A tip for management by yuhong · · Score: 1

      My favorite is HEAD, for reading the HTTP headers. Handy for debugging purposes, and the output is guaranteed to be plain 7-bit ASCII.

    17. Re:A tip for management by yuhong · · Score: 1

      Yea, there is a difference between telnet on a private network and on the public Internet.

    18. Re:A tip for management by yuhong · · Score: 1

      Not the IT manager targeted. Those knowing that HTTP runs on port 80 likely know that it is perfectly okay. Those that don't will just use the default when telnetting.

    19. Re:A tip for management by jd2112 · · Score: 1

      IT Worker response: But we're using telnet to support a mission critical DOS era application that YOU wouldn't approve the funding to replace. And besides it's configured to require IPSec encryption and authentication so it's at least as secure as SSH.

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    20. Re:A tip for management by hedwards · · Score: 1

      It depends on your platform. For Windows Putty will do it pretty all for you without having to know much. On Linux the following should help you out: Ssh port forwarding

      Once you do it a couple times it gets to be pretty easy, the only hitch is that it can be a pain if their side is on a dynamic IP. But that's easily scripted.

    21. Re:A tip for management by goodmanj · · Score: 1

      PHB's don't know what "port 80" means.

    22. Re:A tip for management by thisisntme · · Score: 1

      Why would a web server respond with a GET request?

    23. Re:A tip for management by marcosdumay · · Score: 1

      Try looking into Elisa on Google. Or if you have emacs on handy, I think it is ^x-doctor.

  6. Good ole days by Airdorn · · Score: 1

    I like telnet because it reminds me of when I was young.

    1. Re:Good ole days by John+Hasler · · Score: 4, Insightful

      If telnet reminds you of when you were young you aren't old.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Good ole days by zach_the_lizard · · Score: 1

      He could very well be. Wikipedia says Telnet was under development in 1969. He could have been old enough at the time to have used it.

      --
      SSC
  7. Misleading headline by antifoidulus · · Score: 4, Insightful

    Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"

    1. Re:Misleading headline by Ngarrang · · Score: 1

      Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"

      If I had a mod point, you would have it. This is so true. The hackers can only hack what you've left connected and unsecured. What happened to the policy of closing every port, then open up the ones you actually need?

      --
      Bearded Dragon
    2. Re:Misleading headline by Media_Scumbag · · Score: 1

      Yes, that headline would be more suitable, but the analogy is trite. Water is not "wet" when it is a solid, or a vapor. I wish people would let this expression die.

    3. Re:Misleading headline by Securityemo · · Score: 1

      A surge in connection attempts like this obviously indicates that someone's found a remote pre-auth hole in a popular telnet service. Apart from coders presumably putting in a lot more effort to write secure code for the SSH server, telnet is only easier to hack compared to an SSH server in terms of MITM/sniffing attacks.

      --
      Emotions! In your brain!
    4. Re:Misleading headline by DavidTC · · Score: 1

      Actually, ice and water vapor are both pretty wet if people interact with them, as the part of them touching a person rapidly changes to the person's temperature and turns into water. And 'wet' means 'gets liquid on a person'.

      So standing in steam or touching ice in normal room temperature, you'll find they are, indeed, 'wet', as they will get liquid on you.

      Now, if the air temperature is too extreme it won't, if you stand in steam at 300 degrees air temp or in ice cold enough that the water on your skin refreezes so fast you can't feel it, but you'll be seriously injured or dead anyway, so what is 'wet' is somewhat moot there....human speech only describes things we live through, for obvious reasons.

      That said, the other poster is right...'water' is the liquid state of H2O. Calling ice or steam 'water' is incorrect. But interacting with those both do actually get water on you, and thus are 'wet' anyway.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    5. Re:Misleading headline by John+Hasler · · Score: 1

      > Um, the reason they are using telnet is because it's trivial to hack,

      No, it is trivial to intercept telnet passwords (which are sent in the clear) if you have access to a channel over which someone is logging in via telnet. A telnet daemon just sitting there unused creates a vulnerability only to the extent that it is a channel for attacking bad passwords (which is surely what these kids are doing).

      However, there is no good reason to run a telnet daemon these days, especially on the public Internet.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    6. Re:Misleading headline by antifoidulus · · Score: 1

      Though you sort of get into conditional probabilities there. If an attacker does a sweep looking for targets, anything with telnet is going to stand out as something potentially juicy. If telnet is configured more than likely there are other services that aren't up to snuff and it's probably easier to find a way in.

    7. Re:Misleading headline by kbielefe · · Score: 2

      However, there is no good reason to run a telnet daemon these days, especially on the public Internet.

      Interesting you should say that, because the article actually says they don't know if it's brute force login attempts or botnet traffic. A largely unused port with traffic that most people ignore makes sense to park a botnet on. It makes a lot more sense than a sudden spike in system administrator incompetence, which means most of the comments on this story are likely off the mark.

      --
      This space intentionally left blank.
    8. Re:Misleading headline by Securityemo · · Score: 1

      Yeah, but that depends on the target selection method. I'm guessing spikes like these are mostly bot spreader code (worm-like behaviour) rather than anything man-powered. Find/buy exploit, rewrite it to use your call-back multi-stage bot-loader shellcode, cram it in, send out update to bots? If the statistics come from honeypots, of course, it's guaranteed that it's untargeted attacks since such systems only gets hit by attackers scanning large ranges for targets, unless they're placed on ip ranges belonging to a targeted organization.

      --
      Emotions! In your brain!
    9. Re:Misleading headline by Securityemo · · Score: 1

      I can see one reason to use ports besides 80 - not wanting to alert the targets by running afoul of ISP regulations regarding people running webservers on their hosts.

      --
      Emotions! In your brain!
    10. Re:Misleading headline by mdvolm · · Score: 1

      I would counter that water is always wet. Ice is a solid and steam is a gas. Would you ask for extra Frozen-Water-In-A-Solid-Form cubes in your water?

    11. Re:Misleading headline by rahvin112 · · Score: 1

      Water is absolutely not wet. You need soap to make water wet.

    12. Re:Misleading headline by danlock4 · · Score: 1

      No wonder wet diapers/nappies are self-cleaning!

      --
      To .sig or not to .sig, that is the question.
  8. Hackers Bringing Telnet Back? by crow_t_robot · · Score: 5, Insightful

    How can hackers bring telnet attacks back if admins don't run telnet? Should the headline say "Admins are bringing telnet back and getting bitten in the ass for it?"

    1. Re:Hackers Bringing Telnet Back? by gsslay · · Score: 2

      Probably less a case of admins "bringing it back" and more a case of admins forgetting, or being oblivious to it being there in the first place. More and more admins will have scarcely used telnet ever in their professional lives, and so will overlook its presence on their servers. Ideal for hackers.

    2. Re:Hackers Bringing Telnet Back? by heathen_01 · · Score: 3, Insightful

      It's stretching credibility that admins won't know about telnet, but sure I can accept that. However I can't accept an admin missing that an unknown service is running and accepting connections on port 23 that the admin is oblivious about.

    3. Re:Hackers Bringing Telnet Back? by scorp1us · · Score: 1

      What has happened here, is only the outdated, maintained systems are still running telnet. This corresponds to a likely weak password. And if no one is obsoleting it, then no one is really watching it either. It has now become the forgotten-about low-hanging fruit.

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    4. Re:Hackers Bringing Telnet Back? by scorp1us · · Score: 1

      "outdated, UNmaintained systems" - FTFM

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    5. Re:Hackers Bringing Telnet Back? by greed · · Score: 2

      Or an admin that has carefully secured a Solaris 10 machine, starting with shutting down telnet and the r* daemons, fingerd and all the other cruft. But then he installs a patch cluster... ...and suddenly all that crap is running again.

      Don't ask me how I know that.

    6. Re:Hackers Bringing Telnet Back? by John+Hasler · · Score: 1

      > ...overlook its presence on their servers.

      Why are there any services running on their servers that they did not explicitly configure to run?

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    7. Re:Hackers Bringing Telnet Back? by SuricouRaven · · Score: 1

      Ever seen the default services on a Windows box? A lot of linux distros are almost as bad.

    8. Re:Hackers Bringing Telnet Back? by MMC+Monster · · Score: 1

      I seem to recall that dd-wrt had telnet installed by default. Probably could only be accessed by the LAN, but still seemed somewhat unusual.

      Hopefully they've stopped doing that. Anyone know for sure?

      --
      Help! I'm a slashdot refugee.
    9. Re:Hackers Bringing Telnet Back? by DarwinSurvivor · · Score: 1

      If it did, they've fixed that now. I just nmap'd my dd-wrt router from both a wireless system and wired system connected to my router and nothing is running that I didn't tell to run.

    10. Re:Hackers Bringing Telnet Back? by marcosdumay · · Score: 1

      I can understand that those admins don't port-scan their machines every time they update them. What I really can't accept is that some distributor activates telnet by default. That's inexcusable.

    11. Re:Hackers Bringing Telnet Back? by John+Hasler · · Score: 1

      That doesn't answer the question (assuming we are talking about "professional" admins here).

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  9. Who's bringing Telnet back? by Anonymous Coward · · Score: 1

    It's not the hackers that are bringing Telnet back, it's the IT departments that are deploying such services or forget to disable them when devices have it by default. You would think (*hope*) in this day and age that a professional IT department would be aware of such things, but seems our hopes are dashed.

    Most devices have alternative connectivity protocols that can be used and at the very least if Telnet must be used, provide a VPN/SSH tunnel to the network from the outside or entertain a more restrictive firewall policy to contain the source IP's on that port to a manageable group.

    1. Re:Who's bringing Telnet back? by Stenchwarrior · · Score: 1

      I'm bringing telnet back

      Them other boys don't know how to act

      I think it's special what's behind your back

      So turn around and i'll pick up the slack.

      Take em' to the bridge

      [Bridge]

      Dirty babe

      You see these shackles

      Baby I'm your slave

      I'll let you whip me if I misbehave

      It's just that no one makes me feel this way

      Take em' to the chorus

      [Chorus]

      Come here girl

      Go ahead, be gone with it

      Come to the back

      Go ahead, be gone with it

      VIP

      Go ahead, be gone with it

      Drinks on me

      Go ahead, be gone with it

      Let me see what you're working with

      Go ahead, be gone with it

      Look at those hips

      Go ahead, be gone with it

      You make me smile

      Go ahead, be gone with it

      Go ahead child

      Go ahead, be gone with it

      And get your telnet on

      Go ahead, be gone with it

      Get your telnet on

      Go ahead, be gone with it

      [X6]

      Get your telnet on

      [Verse 2]

      I'm bringing telnet back

      Them other boys don't know how to act

      Come let me make up for the things you lack

      Cause your burning up I gotta get it fast

      Take em' to the bridge

      [Bridge]

      [Chorus]

      [Verse 3]

      I'm bringing telnet back

      Them other boys watch while I attack

      If that's your girl you better watch your back

      Cause she'll burn it up for me and that's a fact

      Take em' to the chorus

      [Chorus]

      --
      Loading...
    2. Re:Who's bringing Telnet back? by marcosdumay · · Score: 1

      WTF service have telnet by default?

      On a related note, I wouldn't expect professional IT departments to be aware of such things. I'm yet to see a big IT department that knows about all their machines.

    3. Re:Who's bringing Telnet back? by marcosdumay · · Score: 1

      I agree they should know every machine. And I wasn't talking about machines spread through the company, I'm yet to meet a big IT department that knows all the machines under their physical reach.

      Now, those devices with telnet by default are things that you keep always plugged to the company-wide lan? It is not so bad to use telnet through a cross-over cable directly connected to another computer, but when the device starts to use or provide lan services, that is a problem.

  10. Re:What's the problem? by RobbieThe1st · · Score: 1

    Mod this guy up! Excellent quote reference.

  11. Re:What's the problem? by camperdave · · Score: 2

    ... anybody who is not currently blocking access port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.

    Ever hear the term honeypot?

    --
    When our name is on the back of your car, we're behind you all the way!
  12. Duh by SJ2000 · · Score: 1

    Too many networking manufacturers still only have their gear accessible only by telnet. Duh.

  13. Get your hackin' on by llManDrakell · · Score: 4, Funny

    I'm bringin' telnet back.
    Them other protocols don't know how to act.
    I think it's special what's inside your rack.
    So enable the service and I'll begin to hack.

  14. Know your RFCs (was Re:who still uses telnet?) by Xenophon+Fenderson, · · Score: 2

    Just to be clear, TELNET and TCP are not synonymous. The FTP command channel uses TELNET as a session protocol, transported by TCP with the server usually listening on port 21. Conversely, SMTP and HTTP are their own session protocols, probably because TELNET isn't 8-bit-clean. This is why netcat, which normally uses raw TCP sockets, has a command-line option specifically for interoperation with TELNET and TELNET-based protocols.

    Best wishes,
    Matthew

    --
    I'm proud of my Northern Tibetian Heritage
  15. You insensitive clod! by PPH · · Score: 1

    ******** IS my password!

    --
    Have gnu, will travel.
  16. They are forgetting something... by CoolVibe · · Score: 4, Insightful

    Seeing traffic on port 23 does not mean telnet is involved. I know some people who run their SSH daemon on that port to lessen the stupid ssh scans.
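
One way to check what is actually answering on port 23 during an inventory of your own hosts, as an added example that is not part of the original thread: classify the first bytes a listener sends as Telnet negotiation (RFC 854), an SSH identification string (RFC 4253), or something else. The hosts (RFC 5737 documentation addresses), banners and function names are constructed for illustration.

```python
"""Added example: tell Telnet from SSH by the first bytes a listener sends."""
import re

IAC = 255
NEGOTIATION_VERBS = {251, 252, 253, 254}   # WILL, WONT, DO, DONT (RFC 854)

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable ASCII without whitespace or the minus sign.
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)")


def classify_first_bytes(data: bytes) -> str:
    """Label the protocol from the opening bytes of a server's greeting."""
    if len(data) >= 2 and data[0] == IAC and data[1] in NEGOTIATION_VERBS:
        return "telnet"
    # An SSH server may send other text lines before its identification string.
    for line in data.split(b"\n"):
        if SSH_ID.match(line):
            return "ssh"
    if data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return "plaintext"                 # readable greeting, no negotiation
    return "unknown"


NOTES = {
    "telnet": "Telnet daemon answering; logins here cross the network in the clear",
    "ssh": "SSH moved to port 23; encrypted, but still a login service to track",
    "plaintext": "cleartext greeting without negotiation; identify the service",
    "unknown": "no recognisable greeting; inspect manually",
}


def review_port23(observations):
    """observations: iterable of (host, first_bytes) captured from TCP port 23."""
    return [(host, kind, NOTES[kind])
            for host, data in observations
            for kind in [classify_first_bytes(data)]]


# Constructed greetings, as if captured from four of your own hosts.
OBSERVED = [
    ("192.0.2.10", bytes([255, 253, 24, 255, 251, 1]) + b"login: "),
    ("192.0.2.11", b"SSH-2.0-ExampleSSH_1.0 constructed\r\n"),
    ("192.0.2.12", b"Authorized use only\r\nSSH-2.0-ExampleSSH_1.0\r\n"),
    ("192.0.2.13", b"Printer console ready\r\n> "),
]

if __name__ == "__main__":
    for host, kind, note in review_port23(OBSERVED):
        print(f"{host:12} {kind:10} {note}")
```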

  17. Vulnerable telnetd again? by Culture20 · · Score: 1

    Maybe oracle released a new version of solaris with a vulnerable telnetd on by default again?

  18. Printers? by Culture20 · · Score: 4, Informative

    I just realized; almost every network printer out there uses telnet for remote configuration. Maybe there was a new vulnerability found on a specific type of printer that allows forwarding of the printed pages back to the script kiddies?

  19. Re:What's the problem? by Jello+B. · · Score: 1

    so all i have to do is post old, tired quotes to get modded up so high that EVERYBODY has to read my dumb bullshit

    way cool slashdot

  20. Step aside, amateur by GameboyRMH · · Score: 1

    You lazy ass, I came in here to do that, and you do it first and can barely be bothered to change the lyrics at all!?

    This is how it's done:

    I'm bringing telnet back
    Them other boys don't know how to hack
    I can get right into your server rack
    And you won't find me 'cuz I'm proxied back
    Take 'em to the bridge

    [Bridge]

    N00b named Dave
    You see this process
    I make it my slave
    It doesn't matter how I misbehave
    The fact is no one can stop me this day
    Take em' to the chorus

    [Chorus]

    Come here PERL
    Look at me pwn'in it
    Fall for my hack
    Look at me pwn'in it
    telnetd
    Look at me pwn'in it
    Loot for me
    Look at me pwn'in it
    Let me see what ya workin' with
    Look at me pwn'in it
    Look at those disks
    Look at me pwn'in it
    They make me smile
    Look at me pwn'in it
    I take your files while
    Look at me pwn'in it
    I get my telnet on
    Look at me pwn'in it
    Get my telnet on
    Look at me pwn'in it
    [X6]
    Get my telnet on

    [Verse 2]

    I'm bringing telnet back
    Them other boys don't know how to hack
    See how I doctor all the logs you track
    Cause I won't let you know the fix you lack
    Take em' to the bridge

    [Bridge]
    [Chorus]
    [Verse 3]

    I'm bringing telnet back
    Them other boys watch while I attack
    If that's your server better watch your back
    Cause I will root your box and that's a fact
    Take em' to the chorus

    [Chorus]

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:Step aside, amateur by Stenchwarrior · · Score: 1

      Some of us have to work. I don't have time for much more than a simple find and replace. No one's gonna mod either one of us up anyways, cause then they'd have to admit they know the song.

      --
      Loading...
  21. Telnet vs. SSH by DocSavage64109 · · Score: 1

    For local networks, does the difference between SSH and Telnet really matter?
    The only difference is encryption. The attacker would still need the password, and with modern switches, it's impossible to steal the password without directly adding hardware somewhere along the chain of equipment directly between the two endpoints. (unless they've hacked your switch, i suppose)
    I believe the real point of the article is that easy logons & passwords on Telnet are a significant security risk, especially on wifi accessible networks.

    1. Re:Telnet vs. SSH by Late+Adopter · · Score: 1

      You can't use passwordless public-key authentication on stock Telnet. Also the lack of X tunneling might be an issue if there's a firewall in the way.

    2. Re:Telnet vs. SSH by Ash-Fox · · Score: 1

      You can't use passwordless public-key authentication on stock Telnet.

      NTLM actually makes it possible, which is on the stock telnet client in Windows since NT days.

      Also the lack of X tunneling might be an issue if there's a firewall in the way.

      In a *nix environment, you can open new telnet sessions and each session can be used to pipe data to/from a specific port on the remote machine, not really hard.

      --
      Change is certain; progress is not obligatory.
  22. hey, wait a minute,..... by hesaigo999ca · · Score: 1

    >A new report from Akamai Technologies (CT: Requires login)...
    Would that be a telnet login, or ....

  23. OpenBSD by Mana+Mana · · Score: 1

    ~We made openssh so that fucking legacy rash will die!~ --Theo de Raadt

  24. Re:A tip for management (FTFY) by oobayly · · Score: 1

    I decided to try this just in case somebody in Google was having a laugh. Pity.

  25. Re:Telnet = lower attack surface by maxwell+demon · · Score: 1

    I agree SSH is better than telnet and there is very little reason not to use it but I'm going to play devil's advocate anyway.

    There have been significant SSH-specific remote exploit vulnerabilities in the past. Telnet has less moving parts - less to go wrong, less to attack.

    Let's not forget SSH is only "secure" if you "assume" the initial leap of faith has not been compromised. If you're connecting to a host for the first time via ssh or via telnet the only difference from a security perspective is the one you have incorrectly painted in your own mind.

    No. If you connect to a host for the first time with telnet, your password goes through the network in clear, so all an attacker needs to get the password is a network sniffer. If you connect to a host for the first time with ssh, your password goes through the network encrypted, thus the only way for the attacker to get it is a man-in-the-middle attack. The latter is clearly more difficult (you have to alter something in the network, instead of just listen).

    You are right that when connecting for the first time, SSH doesn't protect you from a man-in-the-middle attack (unless you already know the SSH key fingerprint of the connected-to host and take the effort to manually check it before accepting the key). But that doesn't imply that on first connect, SSH had no security advantage over telnet. Just having the password (and the traffic!) encrypted is a big security advantage.

    --
    The Tao of math: The numbers you can count are not the real numbers.
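The manual host-key check mentioned in the comment above, written out as an added example that is not part of the original thread: it computes the SHA256 fingerprint of an offered host key in the form OpenSSH prints and compares it with one obtained out of band. The sample keys are constructed placeholder bytes, and the function names are illustrative.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line: str):
    """Parse '<type> <base64-blob> [comment]' and return (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own copy of the key type; the two must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def sha256_fingerprint(blob: bytes) -> str:
    """Fingerprint as OpenSSH prints it: SHA256:<unpadded base64 of the digest>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(pubkey_line: str, trusted_fingerprint: str) -> bool:
    """True only if the offered key hashes to the out-of-band fingerprint."""
    _, blob = parse_pubkey_line(pubkey_line)
    return sha256_fingerprint(blob) == trusted_fingerprint.strip()

# Constructed sample data: 32 placeholder bytes stand in for an Ed25519 key.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " host.example"
# A different constructed key, as a host in the middle would present.
OTHER_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(1, 33)))
OTHER_LINE = "ssh-ed25519 " + base64.b64encode(OTHER_BLOB).decode() + " host.example"

if __name__ == "__main__":
    trusted = sha256_fingerprint(SAMPLE_BLOB)  # value the admin hands over out of band
    print(trusted)
    print("genuine key accepted:    ", host_key_matches(SAMPLE_LINE, trusted))
    print("substituted key accepted:", host_key_matches(OTHER_LINE, trusted))
```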