dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6326
share rss forum feed


telnet

@shawcable.net

Its 2014 Why We Still Using TELNET tcp/23 Open To Public Internet?

# while true; do nmap -sV -p23 -Pn -oG - -n -iR 10000 --host-timeout 5 --min-rate 1000 | awk -F/ '/open/{print $1,$7}' >>/tmp/telnet.txt; sleep 5; done
------------------------- WAITING 2 HOURS -------------------------
# awk '//{print $6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17}' /tmp/telnet.txt | sort | uniq -c | sort -nr
   1268
    481 Linux telnetd
    282 Cisco router telnetd
    225 Busybox telnetd
    128 BusyBox telnetd
    108 NASLite-SMB|Sveasoft Alchemy firmware telnetd
     73 Netgear broadband router or ZyXel VoIP adapter telnetd
     65 Alcatel|Thomson SpeedTouch DSL router admin interface
     63 HP H3C SR8808 SecBlade firewall module telnetd
     58 D-Link DSL-2640B ADSL router telnetd
     50 Check Point Firewall-1 telnetd
     49 Broadcom BCM96328 ADSL router telnetd
     43 Broadcom BCM96828 ADSL router telnetd
     37 Cisco or Edge-core switch telnetd
     35 Cayman-DSL router telnetd
     34 Broadcom BCM96338 ADSL router telnetd
     33 Broadcom BCM96328 DSL router telnetd
     32 Openwall GNU|*|Linux telnetd
     32 DrayTek Vigor ADSL router telnetd
     28 H3C switch telnetd
     27 Cisco IOS telnetd
     25 Netscreen ScreenOS telnetd
     24 Green Packet DX230 WAP telnetd
     20 Busybox telnetd 1.0
     18 ZTE F460 router telnetd
     17 Netopia ADSL router telnetd
     15 SMC SMC2870W Wireless Ethernet Bridge
     14 Huawei STC router telnetd
     11 Broadcom BCM96828 DSL router telnetd
     11 Broadcom BCM96348 ADSL router telnetd
     10 ZTE F660 router telnetd
     10 Motorola VT1000v VOIP Adapter telnetd (Access denied)
      8 Huawei Quidway Eudemon firewall telnetd
      8 Cisco ASR 9010 router telnetd
      6 VxWorks telnetd
      6 UTT Hiper 2610 router telnetd
      6 (Usually a Cisco|3com switch)
      6 Huawei AR28-09 router telnetd
      6 Enterasys XSR Security Router telnetd
      6 Broadcom BCM96338 DSL router telnetd
      5 VBrick 4300 video encoder telnetd
      5 utelnetd (FetchTV DVR)
      5 Polycom ViewStation Video Conferencing telnetd
      5 Microsoft Windows XP telnetd
      5 Foundry Networks telnetd
      5 D-Link DVG-series VoIP gateway telnetd 2.1.7.5
      5 Cyberoam UTM firewall telnetd
      5 BSD-derived telnetd
      5 Broadcom BCM96368 ADSL router telnetd
      4 Pirelli NetGate VOIP v2 broadband router telnetd
 


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

2 recommendations

It's not 2014 yet. Check back in ~32 hours.
--
Oh, Opera, what have you done?


rfnut
Premium
join:2002-04-27
Fisher, IL
kudos:2

1 recommendation

reply to telnet

And cause it works?


HELLFIRE
Premium
join:2009-11-25
kudos:13
reply to telnet

For all the claims of "bleeding edge" and "latest technology," IT can surprisingly be rather conservative. Case in point, look at how long the BIOS and 3.5" floppy have been around. Plus telnet's a handydandy quick tool to check port status on an endhost without having to muck with something else.

From a security standpoint, wholeheartedly agree with you, OP.

Regards



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to telnet

Telnet into my router works. It is only accessible from within the home network. That does not seem a problem.

If we declare the telnet server to be dead, then the telnet client will probably be killed also. But the telnet client is very useful, even without a telnet server. So let's at least pretent that telnet service is still useful.

For what it's worth, my recent linux installs have not included a telnet server, though it is in the repos should I wish to add it.
--
AT&T Uverse; Buffalo WHR-300HP router (behind the 2wire gateway); openSuSE 12.3; firefox 24.0



Ryan
Premium
join:2001-03-03
Braintree, MA
reply to telnet

I think his complaint is the fact that it is publicly accessible, not the fact that people are still using telnet.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6

1 recommendation

reply to telnet

To give people who scan for the service @the end of 2013 something to think about?



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:9
Reviews:
·SONIC.NET
reply to Ryan

Except that there is no security problem with having an Internet accessible telnet port.
The security problem is *using* telnet over an untrusted network and having the cleartext password (and everything else in the communication) snooped.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!



Ryan
Premium
join:2001-03-03
Braintree, MA

said by leibold:

Except that there is no security problem with having an Internet accessible telnet port.
The security problem is *using* telnet over an untrusted network and having the cleartext password (and everything else in the communication) snooped.

Yea except for opening yourself up to brute force attacks (unless the device disables/limits them). There is also a good chance many of the devices are using default/weak passwords... Then of course the biggest issue as you mentioned is cleartext communication, regardless there is absolutely no reason to have telnet wide open to the world even if you are not using it..

slyphoxj

join:2002-06-23
Brook Park, OH
Reviews:
·magicjack.com
·Callcentric
·WOW Internet and..
reply to HELLFIRE

said by HELLFIRE:

For all the claims of "bleeding edge" and "latest technology," IT can surprisingly be rather conservative. Case in point, look at how long the BIOS and 3.5" floppy have been around. Plus telnet's a handydandy quick tool to check port status on an endhost without having to muck with something else.

From a security standpoint, wholeheartedly agree with you, OP.

Regards

... and the PS/2 keyboard and mouse port (still common on motherboards for new PC builds but disappearing from current desktops), and VGA (aka "RGB" or "D-Sub") port which were introduced on the IBM PS/2 back in the late 80's.

What's interesting is that Linux bypassed the BIOS 20 years ago when it first rolled out, but Windows still uses BIOS (at least Win 7 does, not sure about Win 8).

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS

said by slyphoxj:

What's interesting is that Linux bypassed the BIOS 20 years ago when it first rolled out, but Windows still uses BIOS (at least Win 7 does, not sure about Win 8).

Every x86-based OS uses the BIOS similarly for initial bootstrap. Some advanced BIOSs provide additional functionality for tuning that would apply equally to any OS running on that platform.

Windows has no more of a dependency on the BIOS than Linux. Linux does not bypass the BIOS any more than any other OS.


Drunkula
Premium
join:2000-06-12
Denton, TX
reply to telnet

Honeypots/honeynets by chance?



dib22

join:2002-01-27
Kansas City, MO

said by Drunkula:

Honeypots/honeynets by chance?

That's why we leave em open at my place

lawsoncl

join:2008-10-28
Spirit Lake, ID

1 recommendation

I don't actually have anything listening, but just watch for connections to ports I don't expect connections on. Connection attempts add an iptables entry to block that IP for an hour. That really cuts down on the port scan noise quite nicely.

Expand your moderator at work