Slashdot Mirror
Hackers Bringing Telnet Back
alphadogg writes "A new report from Akamai Technologies (CT: Requires login) shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks.
The report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol used to log into remote servers but that has been gradually replaced by SSH."
I use telnet clients from time to time, in the lab. You can use it connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Right, but when you type hunter2, we just see *******.
On another note, anybody who is not currently blocking access port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.
I am officially gone from
I do whenever I need my Star Wars Fix. Just telnet to towel.blinkenlights.nl.
I'm a virgo and on Slashdot. Coincidence? Yes.
Does it even count as hacking? Running a telnet service should count as granting random people authorised access.
No more than running an FTP, SMTP, POP, IMAP or HTTP service without proper SSL/TLS/digest enhancements. All of them still industry standards, even the bare versions. But that's okay, the more ICT incompetence on this planet the more money I/we can make, right?
I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.
The only ones I'm aware of are those who play Nethack (or its variants) on a server like nethack.alt.org :)
If you manage your company or institution's IT department, please do the following:
Step 1: Turn on "telnet" on your PC. (Of course you Windows, you're management, right?)
Step 2: Try to "telnet" to your company's website, or to any other machine or service names your underlings bandy about.
Step 3: If you don't see "Connection refused" every time, FIRE EVERYONE WHO REPORTS TO YOU.
Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"
Monstar L
How can hackers bring telnet attacks back if admins don't run telnet? Should the headline say "Admins are bringing telnet back and getting bitten in the ass for it?"
SSH isn't always an available option.
At work our primary application is a telenet app that logs into a specific server. Of course we aren't stupid enough not to use VPN's, and packet filtering to go outside the network(or back in). We tried to upgrade to more secure connection but found the clients to be lacking about 1/2 the features found in the simple telenet client. We were told some of those features might be in the next release or two in three - five years.
Since businesses get locked into vendor lock-in pretty hard it is very tough to move out. You get stuck doing things insecurely or working around bad security because upgrading isn't possible without millions of dollars being spent uselessly(paying a vendor to bring their applications up to the year 2000 standards).
I know of one company that used Win16 subsytem as a vital part of their application up until last year. they refused to upgrade it because it worked even though in order to install the application on windows XP often required rebooting into safe mode to bypass enough security to let it install. This Application was the only way to work with their product line too with quarterly updates to the data it contained. Oh and you have to upgrade the entire application in order to update the data inside.
It is those kinds of practices that make obsolete tech like telenet still exist.
i thought once I was found, but it was only a dream.
I use telnet clients from time to time, in the lab. You can use it connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.
Telnet to other ports is a GREAT way to learn how protocols work.
Here are some exercises: From a DOS prompt, try:
C:> telnet www.google.com 80
GET
GET won't be echoed, but you can see the retrieval of a web page. You can try all commands that are part of the HTTP protocol, including the exchange of cookies, posting data, etc.
Or try telnet-ing into a pop server.
You might have better success with even a semi-valid HTTP/1.1 request such as
GET / HTTP/1.1
Host: www.google.com
Also, using telnet here is redundant. You should consider using one of the several netcats available. Some even support nice features like SSL encryption, so you can make encrypted requests to to the https port (443).
In addition, a lot of switches and other network equipment still don't have SSH. Even switches only a couple of years old.
My blog
If telnet reminds you of when you were young you aren't old.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Godaddy.com
ALL of their hosting has telnet and open FTP you have to specially request SSH and SFTP.
Do not look at laser with remaining good eye.
... anybody who is not currently blocking access port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.
Ever hear the term honeypot?
When our name is on the back of your car, we're behind you all the way!
I have to post this anonymously for the safety of my job.
If you're worried about potentially losing your job over that type of comment, then I hope you're not posting this from work ...
What else can happen when an unstoppable force collides with an immovable object?
Right on target. I've witnessed many a clerk in a shipping/receiving department using telnet to connect to a server. Not just in-house, but often times across the country. People put those computers in place, and set up their systems 20 years ago, or more, and they aren't about to change. "Don't fix what ain't broke!"
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
This is the case with certain Cisco IOS versions. It has to be a crypto version of IOS to support SSH.
SSC
Well, to be a little more precise, FTP, SMTP, POP and IMAP don't give you command line (root) access to the computer you happen to get access too. If you break into an FTP Server, you only have access to the files that are put up on the FTP directories of that server. And possibly the right to upload new files. Which is a little less problem then having root access to the entire server. Same goes for all the other services you mention. I will have to give you this. I don't think Telnet is really that bad of a thing overall. If it has a properly secure password on it that is changed often enough, it really isn't that much less secure than SSH. Sure there's the whole MITM attack vector, but that's way too complicated considering the number of easy to attack machines there are out there.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
GET / HTTP\1.1 Host: www.google.com
That's not a good reason to use telnet. That's a good reason not to use Godaddy.
(Using dreamhost.com here, and I use ssh and rsync-over-ssh to do all of that... I wonder if sshfs would work, I imagine it would.)
No.
I saw the headline, and thought the story was about hackers finding some new and novel use for telnet. You know, hacking.
But it's just another article about infected Windows machines using brute force attacks on port 445 and - apparently - 23. You know, "hacking."
Here's my favorite part:
As Steve Martin once said, "I'm sorry officer, I forgot armed robbery was illegal."
I don't care why you're posting AC
We were told some of those features might be in the next release or two in three - five years.
I may sound like a preacher, but that is exactly why you want to use open source software in as many aspects of your company as possible : to develop the features you lack at a given point without depending on a dozen of third parties who can't agree with each others. I know you probably aren't the one making the decision, but that is a point to regularly make : "if you had used the open alternative, we could have added this feature. Now we can't and need to wait for another company's goodwill".
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
I'm bringin' telnet back.
Them other protocols don't know how to act.
I think it's special what's inside your rack.
So enable the service and I'll begin to hack.
I had to deal with a similar setup a few years ago. What I did was put them on their own Ethernet segment that was completely isolated from everything but one machine. Even the subnet had a separate hardware switch so there was no way (other than physical access or compromise of the telnet server) that the unencrypted traffic could be intercepted. This machine was what people telnetted into, then ssh-ed out from to do work. This way, the only real weak link were the paths from the terminals to the switch, and the switch to the telnet server.
Of course, this may not be possible in all environments, but putting a box that is just used for telnetting into and either directly connecting terminals to that box via crossover cables, or using a good switch may help mitigate things.
Just to be clear, TELNET and TCP are not synonymous. The FTP command channel uses TELNET as a session protocol, transported by TCP with the server usually listening on port 21. Conversely, SMTP and HTTP are their own session protocols, probably because TELNET isn't 8-bit-clean. This is why netcat, which normally uses raw TCP sockets, has a command-line option specifically for interoperation with TELNET and TELNET-based protocols.
Best wishes,
Matthew
I'm proud of my Northern Tibetian Heritage
Would you like to drop the firewalls, then? Perimeter security isn't a complete security solution, but it's still a major part.
Seeing traffic on port 23 does not mean telnet is involved. I know some people who run their SSH daemon on that port to lessen the stupid ssh scans.
Maybe he means "safety of my job" as in "so no one knows to telnet into our horribly insecure systems"? :)
In which case, being anonymous would seem like a good idea
There are laws controlling the export and import of encryption technology in many countries. These laws restrict the sale and use of SSH; therefore, you have to differentiate your products if you want to sell in certain markets.
I just realized; almost every network printer out there uses telnet for remote configuration. Maybe there was a new vulnerability found on a specific type of printer that allows forwarding of the printed pages back to the script kiddies?
Yeah, but dreamhost doesn't run commercials suggesting that Danica Patrick will take her top off for you.