Discussion:
[ale] Is Telnet still used that much?
Ben Coleman via Ale
2017-11-30 01:53:13 UTC
Permalink
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).

Ben
--
Ben Coleman ***@benshome.net | For the wise man, doing right trumps
http://oloryn.benshome.net/ | looking right. For the fool, looking
Amateur Radio NJ8J | right trumps doing right.
Alex Carver via Ale
2017-11-30 02:01:15 UTC
Permalink
Post by Ben Coleman via Ale
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).
A lot of IoT type devices use it as part of the initial setup if they
don't or can't have SSH enabled. By default BusyBox starts with Telnet
enabled until first login when a password can be set and then it
switches to SSH.
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Ted W. via Ale
2017-11-30 16:13:13 UTC
Permalink
Post by Alex Carver via Ale
Post by Ben Coleman via Ale
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).
A lot of IoT type devices use it as part of the initial setup if they
don't or can't have SSH enabled. By default BusyBox starts with Telnet
enabled until first login when a password can be set and then it
switches to SSH.
This is the most correct answer. IoT devices notoriously leave telnet
open as a result of running busybox and not bothering to change
defaults.

https://techcrunch.com/2017/04/25/brickerbot-is-a-vigilante-worm-that-destroys-insecure-iot-devices/
Post by Alex Carver via Ale
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Jeff Hubbs via Ale
2017-12-01 02:03:56 UTC
Permalink
An IBM (actually a rebadged NetApp) NAS at A Former Employer (tm)
likewise had telnet open. You could log in usingᅵ default creds and had
access to a very limited shell. The Linux server I built to replace it
was immeasurably better (especially with respect to security) and cost
far less.
Post by Ted W. via Ale
Post by Alex Carver via Ale
Post by Ben Coleman via Ale
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).
A lot of IoT type devices use it as part of the initial setup if they
don't or can't have SSH enabled. By default BusyBox starts with Telnet
enabled until first login when a password can be set and then it
switches to SSH.
This is the most correct answer. IoT devices notoriously leave telnet
open as a result of running busybox and not bothering to change
defaults.
https://techcrunch.com/2017/04/25/brickerbot-is-a-vigilante-worm-that-destroys-insecure-iot-devices/
Post by Alex Carver via Ale
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Raj Wurttemberg via Ale
2017-11-30 02:36:22 UTC
Permalink
One of my customers has an old SCO box to control some old equipment and the company controlling it will only use telnet (shivers). I put in an IP restriction on the firewall to only allow telnet connections from the vendor.

/Raj

-----Original Message-----
From: Ale [mailto:ale-***@ale.org] On Behalf Of Ben Coleman via Ale
Sent: Wednesday, November 29, 2017 8:53 PM
To: Atlanta Linux Enthusiasts <***@ale.org>
Subject: [ale] Is Telnet still used that much?

While looking over recent logwatch emails from my servers lately, I've been surprised how many port 23 attempts I'm seeing, and particularly how many where port 23 is the only port attempted. Is there really enough Telnet use out there for scanning only for port 23 to be worth it? I know it's been years since I had a telnet server running on any of my servers (if I ever did).

Ben
--
Ben Coleman ***@benshome.net | For the wise man, doing right trumps
http://oloryn.benshome.net/ | looking right. For the fool, looking
Amateur Radio NJ8J | right trumps doing right.


_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
DJ-Pfulio via Ale
2017-11-30 09:42:43 UTC
Permalink
Post by Ben Coleman via Ale
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).
I've seen noobs - often Windows-only people - using telnet and plainFTP
lots. Both those protocols should have died in 1995.

OTOH, if I need to troubleshoot an HTTP or SMTP connection issue, the
telnet client **is** handy.


_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Lightner, Jeffrey via Ale
2017-11-30 13:52:44 UTC
Permalink
You can use Netcat (nc) instead of the telnet client these days (on Linux at least).

It has more features than telnet client . You can even use it on one server to LISTEN on a port then connect to that server and port from another to verify firewall isn't blocking you before you start the application that would normally LISTEN on that port. I was first introduced to nc by a vendor several years ago - they were having me run command to measure network throughput.

On Windows if you don't have Cygwin you can still use the built in telnet client.

-----Original Message-----
From: Ale [mailto:ale-***@ale.org] On Behalf Of DJ-Pfulio via Ale
Sent: Thursday, November 30, 2017 4:43 AM
To: ***@ale.org
Subject: Re: [ale] Is Telnet still used that much?
Post by Ben Coleman via Ale
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).
I've seen noobs - often Windows-only people - using telnet and plainFTP lots. Both those protocols should have died in 1995.

OTOH, if I need to troubleshoot an HTTP or SMTP connection issue, the telnet client **is** handy.


_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Jerald Sheets via Ale
2017-11-30 13:57:09 UTC
Permalink
Not that I’ve seen any recently, but most port concentrators were using telnet well into the 2000’s. I still have all my pinout diagrams and RS-232 signaling docs from those days. When Wyse started to press concentrator manufacturers (Digiboard, etc.) to go to SSH-based management is when it finally happened IIRC.

Many vendors ERP solutions had backends to their own self-rolled terminal programs (Cerner, Lawson, etc.) that required Telnet well past 2005. It wasn’t until HIPAA started pushing on hospitals to kill it that hospitals had the teeth to tell the vendors they couldn’t install it on their networks because HIPAA. Once that happened, the vendors had to move quickly (only took like three months) to retrofit their entire network for SSH over telnet.

a little history there
 :)

Point is, that’s a *tad* early for that assertion, but I agree with the sentiment totally.

—j
Post by DJ-Pfulio via Ale
Post by Ben Coleman via Ale
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).
I've seen noobs - often Windows-only people - using telnet and plainFTP
lots. Both those protocols should have died in 1995.
OTOH, if I need to troubleshoot an HTTP or SMTP connection issue, the
telnet client **is** handy.
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Joey Kelly via Ale
2017-11-30 22:16:14 UTC
Permalink
Post by Ben Coleman via Ale
While looking over recent logwatch emails from my servers lately, I've
been surprised how many port 23 attempts I'm seeing, and particularly
how many where port 23 is the only port attempted. Is there really
enough Telnet use out there for scanning only for port 23 to be worth
it? I know it's been years since I had a telnet server running on any
of my servers (if I ever did).
Lots of old busted routers and phone equipment still use telnet ;-(
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Loading...