Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hackers Bringing Telnet Back

CmdrTaco posted more than 3 years ago | from the gopher-still-dead dept.

Botnet 238

alphadogg writes "A new report from Akamai Technologies (CT: Requires login) shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks. The report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol used to log into remote servers but that has been gradually replaced by SSH."

cancel ×

238 comments

who still uses telnet? (1)

Anonymous Coward | more than 3 years ago | (#35019126)

who still uses telnet?

Re:who still uses telnet? (3, Interesting)

SirGarlon (845873) | more than 3 years ago | (#35019192)

I use telnet clients from time to time, in the lab. You can use it connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.

Re:who still uses telnet? (2)

Chapter80 (926879) | more than 3 years ago | (#35019360)

I use telnet clients from time to time, in the lab. You can use it connect and send data to any old port, not just 23. I would never run the telnet daemon though, and seven times never on a box that's exposed to the public Internet.

Telnet to other ports is a GREAT way to learn how protocols work.

Here are some exercises: From a DOS prompt, try:

C:> telnet www.google.com 80
GET

GET won't be echoed, but you can see the retrieval of a web page. You can try all commands that are part of the HTTP protocol, including the exchange of cookies, posting data, etc.

Or try telnet-ing into a pop server. [santovec.us]

Re:who still uses telnet? (3, Informative)

hydrofix (1253498) | more than 3 years ago | (#35019492)

You might have better success with even a semi-valid HTTP/1.1 request such as

GET / HTTP/1.1
Host: www.google.com

Also, using telnet here is redundant. You should consider using one [sourceforge.net] of [openbsd.org] the [sourceforge.net] several [nmap.org] netcats [deepspace6.net] available [dest-unreach.org] . Some even support nice features like SSL encryption, so you can make encrypted requests to to the https port (443).

Re:who still uses telnet? (2)

MrVictor (872700) | more than 3 years ago | (#35019776)

Just a nitpick but that HTTP request is still invalid.

GET / HTTP\1.1 Host: www.google.com

Re:who still uses telnet? (0)

ivucica (1001089) | more than 3 years ago | (#35019196)

Grandpa

Re:who still uses telnet? (1)

nharmon (97591) | more than 3 years ago | (#35019200)

People who don't know how to set up SSH.

Re:who still uses telnet? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#35019256)

You obviously don't work in a large enterprise that insists on using broken terminals that only do telnet. Its kinda like ftp. You want to get rid of it, but there are always some assholes who continue to use broken clients.

I have to post this anonymously for the safety of my job.

Re:who still uses telnet? (2)

Onuma (947856) | more than 3 years ago | (#35019686)

I have to post this anonymously for the safety of my job.

If you're worried about potentially losing your job over that type of comment, then I hope you're not posting this from work ...

Re:who still uses telnet? (3, Insightful)

Runaway1956 (1322357) | more than 3 years ago | (#35019706)

Right on target. I've witnessed many a clerk in a shipping/receiving department using telnet to connect to a server. Not just in-house, but often times across the country. People put those computers in place, and set up their systems 20 years ago, or more, and they aren't about to change. "Don't fix what ain't broke!"

Re:who still uses telnet? (1)

Tanktalus (794810) | more than 3 years ago | (#35019796)

"Don't fix what ain't broke!"

The problem is often that they don't realise it's "broke (sic)". That is often the issue. When you bring in a physical item in more pieces than it's supposed to be, that's easy to tell that it's broken. When it's a stream of digital pulses, not so easy, unless your target is technologically aware, and not always even then. I still have problems convincing otherwise smart people to use placeholders in their SQL instead of concatenation.

Re:who still uses telnet? (3, Informative)

peragrin (659227) | more than 3 years ago | (#35019354)

SSH isn't always an available option.

At work our primary application is a telenet app that logs into a specific server. Of course we aren't stupid enough not to use VPN's, and packet filtering to go outside the network(or back in). We tried to upgrade to more secure connection but found the clients to be lacking about 1/2 the features found in the simple telenet client. We were told some of those features might be in the next release or two in three - five years.

Since businesses get locked into vendor lock-in pretty hard it is very tough to move out. You get stuck doing things insecurely or working around bad security because upgrading isn't possible without millions of dollars being spent uselessly(paying a vendor to bring their applications up to the year 2000 standards).

I know of one company that used Win16 subsytem as a vital part of their application up until last year. they refused to upgrade it because it worked even though in order to install the application on windows XP often required rebooting into safe mode to bypass enough security to let it install. This Application was the only way to work with their product line too with quarterly updates to the data it contained. Oh and you have to upgrade the entire application in order to update the data inside.

It is those kinds of practices that make obsolete tech like telenet still exist.

Re:who still uses telnet? (2)

morgan_greywolf (835522) | more than 3 years ago | (#35019516)

In addition, a lot of switches and other network equipment still don't have SSH. Even switches only a couple of years old.

Re:who still uses telnet? (3, Interesting)

zach_the_lizard (1317619) | more than 3 years ago | (#35019722)

This is the case with certain Cisco IOS versions. It has to be a crypto version of IOS to support SSH.

Re:who still uses telnet? (1)

hesiod (111176) | more than 3 years ago | (#35019740)

I know it's not always a realistic option because of politics or policy, but if your switches can't do SSH, I suggest you change brands.

Re:who still uses telnet? (1)

arose (644256) | more than 3 years ago | (#35019924)

A couple years old? Who made that buying decision?

Re:who still uses telnet? (0)

Anonymous Coward | more than 3 years ago | (#35019906)

Of course we aren't stupid enough not to use VPN's, and packet filtering to go outside the network(or back).

Ah, perimeter security, a concept about as outdated as telnet (but unfortunately not as deprecated).

Re:who still uses telnet? (2)

Yvanhoe (564877) | more than 3 years ago | (#35019950)

We were told some of those features might be in the next release or two in three - five years.

I may sound like a preacher, but that is exactly why you want to use open source software in as many aspects of your company as possible : to develop the features you lack at a given point without depending on a dozen of third parties who can't agree with each others. I know you probably aren't the one making the decision, but that is a point to regularly make : "if you had used the open alternative, we could have added this feature. Now we can't and need to wait for another company's goodwill".

Re:who still uses telnet? (5, Informative)

maotx (765127) | more than 3 years ago | (#35019218)

I do whenever I need my Star Wars Fix. Just telnet to towel.blinkenlights.nl.

Re:who still uses telnet? (1)

zigurat667 (1380959) | more than 3 years ago | (#35019394)

Thanks for sharing! That really is a viable excuse for using telnet.

Re:who still uses telnet? (2)

AaxelB (1034884) | more than 3 years ago | (#35019248)

The only ones I'm aware of are those who play Nethack (or its variants) on a server like nethack.alt.org :)

Re:who still uses telnet? (1)

Skywings (943119) | more than 3 years ago | (#35019316)

I wouldn't have imagined that in this day and age there would many servers out there still with an active telnet service but I do know that a few ADSL modems out there and the odd network attached device. If you run a server and you leave your servers wide open you are asking for trouble. I've learned my lessons the hard way as I blundered my way into setting up my own LAMP based webserver and leaving openings wider than the Grand Canyon. When you're 15, a little knowledge can me dangerous. To cut a long story short, a lot of data was lost and a lot of time was wasted getting thing back up and running. Dumb things I did included opening up telnet to the world, trivial passwords, same passwords used everywhere and allowing root to login from telnet.

Re:who still uses telnet? (1)

bball99 (232214) | more than 3 years ago | (#35019622)

but hey, it's fun to watch on a honeypot under emulation! :-)

Re:who still uses telnet? (2)

Lumpy (12016) | more than 3 years ago | (#35019608)

Godaddy.com

ALL of their hosting has telnet and open FTP you have to specially request SSH and SFTP.

Re:who still uses telnet? (3, Insightful)

Tanktalus (794810) | more than 3 years ago | (#35019856)

That's not a good reason to use telnet. That's a good reason not to use Godaddy.

(Using dreamhost.com here, and I use ssh and rsync-over-ssh to do all of that... I wonder if sshfs would work, I imagine it would.)

Re:who still uses telnet? (1)

0123456 (636235) | more than 3 years ago | (#35019634)

My webcam used to have the telnet port open and would drop you straight into a root shell if you connected to it (no password required). Fortunately the new firmware fixed that.

Re:who still uses telnet? (1)

thePowerOfGrayskull (905905) | more than 3 years ago | (#35019818)

Telnet clients are useful, especially for testing out text based protocols.

Telnet on the server... well, I run it sandboxed to my LAN for testing BBSSH, but that's about it. However, it's probably safe to say that there are a lot of legacy devices (just just servers) which do provide access via telnet.

Re:who still uses telnet? (1)

medv4380 (1604309) | more than 3 years ago | (#35020130)

My Modem has a telnet remote access if it's turned on and way back the Cisco 675 had it as well and someone could attack it and get in if the owner never turned telnet on so I would suspect they maybe hitting devices that have telnet that the user hasn't locked out yet.

In other news (1, Offtopic)

mvar (1386987) | more than 3 years ago | (#35019136)

Number of incompetent administrators who still use the telnet protocol rises. More at 11

Re:In other news (1)

TheRaven64 (641858) | more than 3 years ago | (#35019154)

Does it even count as hacking? Running a telnet service should count as granting random people authorised access.

Re:In other news (0)

Anonymous Coward | more than 3 years ago | (#35019204)

I can see a blackhat running a service under the telnet port, similar to how some people run a sshd that automatically grants root access on some port.

However, telnet/telnetd as a service is a completely different story. Most competent admins got rid of telnetd more than a decade ago, and the telnet "client" tool is more of a debugging facility (to test port connectivity) than one used for remote access in today's IT climate.

Re:In other news (2)

Rob Kaper (5960) | more than 3 years ago | (#35019226)

Does it even count as hacking? Running a telnet service should count as granting random people authorised access.

No more than running an FTP, SMTP, POP, IMAP or HTTP service without proper SSL/TLS/digest enhancements. All of them still industry standards, even the bare versions. But that's okay, the more ICT incompetence on this planet the more money I/we can make, right?

Re:In other news (2)

CastrTroy (595695) | more than 3 years ago | (#35019744)

Well, to be a little more precise, FTP, SMTP, POP and IMAP don't give you command line (root) access to the computer you happen to get access too. If you break into an FTP Server, you only have access to the files that are put up on the FTP directories of that server. And possibly the right to upload new files. Which is a little less problem then having root access to the entire server. Same goes for all the other services you mention. I will have to give you this. I don't think Telnet is really that bad of a thing overall. If it has a properly secure password on it that is changed often enough, it really isn't that much less secure than SSH. Sure there's the whole MITM attack vector, but that's way too complicated considering the number of easy to attack machines there are out there.

Re:In other news (1)

Rob Kaper (5960) | more than 3 years ago | (#35020120)

The telnet protocol itself doesn't give you access either, that all depends on what kind of shell (if any) and privileges (if any) you attach to it.

The reason why I mentioned the other protocols is that access to the files and data available through those can be harmful enough to an organisation. Potentially more harmful than user privileges on a server with resource limits and no exploitable software installed.

Re:In other news (2)

multisync (218450) | more than 3 years ago | (#35019894)

Does it even count as hacking?

No.

I saw the headline, and thought the story was about hackers finding some new and novel use for telnet. You know, hacking.

But it's just another article about infected Windows machines using brute force attacks on port 445 and - apparently - 23. You know, "hacking."

Here's my favorite part:

Administrators are generally advised to disable Telnet if the protocol is not used to prevent attacks targeting it, but some forget.

As Steve Martin once said, "I'm sorry officer, I forgot armed robbery was illegal."

Re:In other news (1)

Skatox (1109939) | more than 3 years ago | (#35019156)

True, i've never used telnet. There are a lot of secure protocols to use.

Who doesn't? (1)

puterg33k (1920022) | more than 3 years ago | (#35019176)

I use telnet to remote activate telnet on your Bay Networks/Netgear hardware.

What's the problem? (-1)

interfecio (1023595) | more than 3 years ago | (#35019178)

You can't see my password when I use telnet, it just shows up as ******** when I type it. it must be secure. /sarcasm

Re:What's the problem? (3)

dkleinsc (563838) | more than 3 years ago | (#35019202)

Right, but when you type hunter2, we just see *******.

On another note, anybody who is not currently blocking access port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.

Re:What's the problem? (1)

RobbieThe1st (1977364) | more than 3 years ago | (#35019488)

Mod this guy up! Excellent quote reference.

Re:What's the problem? (2)

camperdave (969942) | more than 3 years ago | (#35019624)

... anybody who is not currently blocking access port 23, or even worse is running a telnet server, needs to hand in their sysadmin card right now.

Ever hear the term honeypot [wikipedia.org] ?

People stopped using Telnet? (4, Insightful)

Raxxon (6291) | more than 3 years ago | (#35019242)

I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

Re:People stopped using Telnet? (5, Funny)

Notquitecajun (1073646) | more than 3 years ago | (#35019270)

You play a MUD still, too. Admit it.

Re:People stopped using Telnet? (3, Interesting)

omglolbah (731566) | more than 3 years ago | (#35019320)

Lensmoor.org port 3500

Shameless plug. Fun place to hang ;)

Re:People stopped using Telnet? (2)

SuricouRaven (1897204) | more than 3 years ago | (#35019408)

muck.furry.com 8888

Re:People stopped using Telnet? (2)

SuricouRaven (1897204) | more than 3 years ago | (#35019420)

Also spr.ctrl-c.liu.se 23. Lots of geeky types there.

Re:People stopped using Telnet? (1)

afallowhorizon (1179233) | more than 3 years ago | (#35019458)

Hey there Xanter ;)

Re:People stopped using Telnet? (1)

jhesse (138516) | more than 3 years ago | (#35019586)

bbs.iscabbs.com

Re:People stopped using Telnet? (0)

Anonymous Coward | more than 3 years ago | (#35019528)

I admin a large, active MUD and I don't like this news.

Re:People stopped using Telnet? (1)

Tolleman (606762) | more than 3 years ago | (#35019654)

Who doesn't? These modern MMORPG games are just MUDs for the dyslexic.

Re:People stopped using Telnet? (1)

MacGyver2210 (1053110) | more than 3 years ago | (#35019704)

moo.sindome.org:5555

Re:People stopped using Telnet? (1)

jayme0227 (1558821) | more than 3 years ago | (#35020132)

revengeofthejedi.com port 9400

Ok, so I haven't played it in a few months, but I always seem to return.

Re:People stopped using Telnet? (0)

Anonymous Coward | more than 3 years ago | (#35019308)

Methinks it's time to find some more secure tools for the ole' toolkit, my friend.

Re:People stopped using Telnet? (0)

tom17 (659054) | more than 3 years ago | (#35019538)

I use telnet client daily for checking connectivity to a port on a server. It's also everywhere so I can always easily use it.

What do you suggest instead?

Re:People stopped using Telnet? (4, Insightful)

XorNand (517466) | more than 3 years ago | (#35019610)

netcat ("nc" on most Linux distros) provides the same functionality. However, it's also more flexible in that it allows you to test UDP ports and you can easily set it up to listen for incoming connections on an arbitrary port. It's a great tool for troubleshooting firewall issues.

Re:People stopped using Telnet? (2)

TheRaven64 (641858) | more than 3 years ago | (#35019850)

Telnet is fine for testing whether a port is open, but most of the time you want to use SSL. openssl s_client -connect is roughly equivalent to telnet, but also does the TLS handshake for you.

Re:People stopped using Telnet? (2)

mvar (1386987) | more than 3 years ago | (#35019338)

Yes the telnet client is really useful, but its the server that has some..uhm.."issues".

Re:People stopped using Telnet? (4, Insightful)

Ephemeriis (315124) | more than 3 years ago | (#35019388)

I use telnet constantly. Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors, Port 3200 to check for the present of a NetGen DSS unit, etc, etc... I love telnet. Simple 3-way handshake and boom, datastream.

Sure, the telnet client is useful. I use it all the time for those very same reasons.

But actually running a telnet server and allowing incoming connections on port 23? Nope. Stopped doing that for everything I could years ago, switched to SSH on everything that would support it. The things that wouldn't support it were all tucked away on our inside network. I've got nothing facing the world that'll accept connections on port 23.

Re:People stopped using Telnet? (1)

lahvak (69490) | more than 3 years ago | (#35019554)

The things that wouldn't support it were all tucked away on our inside network

I didn't read the article, but I wonder is this is exactly what it is about. The summary mentioned the use of mobile devices. I wonder if it goes like this: bring a phone to a building, manage to connect to a purely secured wireless network, find a device that has port 23 open, ..., profit!

Of course, if you van get to it from the wireless network, it is not really safely tucked away.

Re:People stopped using Telnet? (5, Funny)

vagabond_gr (762469) | more than 3 years ago | (#35019410)

I'm using telnet for ssh too. Doing RSA in your head is a bit tricky at first, but once you get used to it it's really convenient.

PS. For a real challenge try to PPP authenticate over dial-up using your voice.

Re:People stopped using Telnet? (3, Funny)

enec (1922548) | more than 3 years ago | (#35019562)

That's easy play. I surf the web by licking the ethernet cable.

Re:People stopped using Telnet? (-1)

Anonymous Coward | more than 3 years ago | (#35019758)

Did goatse triggered the idea?

Re:People stopped using Telnet? (1)

Dunbal (464142) | more than 3 years ago | (#35019682)

Ahh but can you whistle 300 baud?

Re:People stopped using Telnet? (4, Informative)

LordLimecat (1103839) | more than 3 years ago | (#35019486)

So you mean telnet the program, not telnet the protocol-- what the article was about?

Re:People stopped using Telnet? (2)

annodomini (544503) | more than 3 years ago | (#35019670)

You might want to look into using Netcat [wikipedia.org] (or socat [dest-unreach.org] ) for this purpose; more flexible if you want to pipe the output through something like grep or tee, and it won't mistakenly try to interpret certain characters according to the Telnet protocol.

Re:People stopped using Telnet? (1)

The Moof (859402) | more than 3 years ago | (#35020078)

Port 110 to check for a broken email header, Port 25 to check for SMTP auth errors

If you're testing user accounts, or logging into your POP3 box to check those mail headers, you may want to consider not using the telnet client anymore. You're potentially compromising any accounts you log into the same as you would with telnet accounts. Your server should be configured to use TLS/SSL for clients, and you can debug them telnet-style with the s_client [openssl.org] (in the OpenSSL suite).

A tip for management (5, Insightful)

goodmanj (234846) | more than 3 years ago | (#35019250)

If you manage your company or institution's IT department, please do the following:

Step 1: Turn on "telnet" on your PC. [microsoft.com] (Of course you Windows, you're management, right?)
Step 2: Try to "telnet" to your company's website, or to any other machine or service names your underlings bandy about.
Step 3: If you don't see "Connection refused" every time, FIRE EVERYONE WHO REPORTS TO YOU.

Re:A tip for management (0)

Anonymous Coward | more than 3 years ago | (#35019342)

I just tried to connect to my company website (websites run on port 80, right?) it and got the following - the P45s are in the post!

$ telnet mycompanywebsite.com 80
Trying mycompanywebsite.com...
Connected to mycompanywebsite.com.
Escape character is '^]'.
hello
501 Method Not Implemented
Method Not Implemented
hello to /index.html not supported.
Apache/2.2.9 (Debian) Server at mycompanywebsite.com Port 80
Connection closed by foreign host.

Re:A tip for management (1)

Ephemeriis (315124) | more than 3 years ago | (#35019406)

One of the things that makes a telnet client so handy is that it'll take a datastream from just about anything. It's great for troubleshooting SMTP servers and things like that.

The point that the parent was trying to make is that there is absolutely no reason you should be running a telnet server on any public-facing server.

Telnet itself answers on port 23. You could use a telnet connection to port 80 to maybe do some troubleshooting or something... But if you just try to telnet into your company website on the default port (23) and you get a login prompt, somebody is doing something wrong.

Re:A tip for management (1)

ediron2 (246908) | more than 3 years ago | (#35019428)

Try typing 'Global Thermonuclear War' instead of 'hello'.

Re:A tip for management (1)

zach_the_lizard (1317619) | more than 3 years ago | (#35019848)

telnet google.com 80
Trying 72.14.204.104...
Connected to google.com.
Escape character is '^]'.
Global Thermonuclear War

HTTP/1.0 400 Bad Request
Content-Type: text/html; charset=UTF-8
Content-Length: 1350
Date: Thu, 27 Jan 2011 14:58:35 GMT
Server: GFE/2.0

But I just wanted to play a game!

Re:A tip for management (FTFY) (0)

Anonymous Coward | more than 3 years ago | (#35020036)

telnet google.com 80
Trying 72.14.204.104...
Connected to google.com.
Escape character is '^]'.
Global Thermonuclear War

HTTP/1.0 400 Bad Request
WINNER: NONE a strange game. The only winning move is not to play. How about a nice game of chess?
Content-Type: text/html; charset=UTF-8
Content-Length: 1350
Date: Thu, 27 Jan 2011 14:58:35 GMT
Server: GFE/2.0p>

Re:A tip for management (2)

goodmanj (234846) | more than 3 years ago | (#35019626)

"websites run on port 80, right?)"

If you know this, you are not an IT manager. Nice try!

Re:A tip for management (4, Funny)

dr2chase (653338) | more than 3 years ago | (#35019564)

I think it would be ok if it said, "Hello, I am Eliza."

Re:A tip for management (2)

Skater (41976) | more than 3 years ago | (#35019598)

Unfortunately I use a software package that requires telnet. Their SSH solution is basically unusable, and it's not feasible to switch away from that package. Pretty annoying, actually, because every new server is set up with telnet disabled (naturally), and we have to get it re-enabled, and they always put it on a random port number.

Re:A tip for management (0)

Anonymous Coward | more than 3 years ago | (#35019696)

And precisely because of that, your software vendor don't care about making a better SSH port. Try not using it and as soon as they start losing money a new package with full SSH support will be released.

The fact is that you still adding Telnet servers into your company's network. So the chances are: either this software improves or someone gets fired for being hacked, whatever happens first.

Re:A tip for management (2)

hedwards (940851) | more than 3 years ago | (#35019814)

I take it that tunneling the telnet session via SSH isn't a reasonable option. Telnet at this point is antiquated and anybody that's providing software that requires it needs to be barred from the industry. It hasn't been a reasonable option in my memory, and it wasn't a reasonable option for quite some time when I started picking up FreeBSD in '99 or so.

Re:A tip for management (0)

Anonymous Coward | more than 3 years ago | (#35019840)

Then put it behind a NAT router. SSH into the router and telnet in from there. Make sure to secure the router as best as possible including all security updates. Don't stop pressuring the software vendor to fix it's SSH support.

Re:A tip for management (1)

vegiVamp (518171) | more than 3 years ago | (#35019992)

Sooo... port forwarding over SSH ?

Re:A tip for management (0)

Anonymous Coward | more than 3 years ago | (#35020100)

(Of course you Windows, your company is relevant, right?)

FTFY.

Re:A tip for management (-1)

Anonymous Coward | more than 3 years ago | (#35020138)

telnet www.google.com 80

I guess everyone at Google should be fired. Or anyone else running a website for that matter.

Good ole days (2)

Airdorn (1094879) | more than 3 years ago | (#35019258)

I like telnet because it reminds me of when I was young.

Re:Good ole days (4, Insightful)

John Hasler (414242) | more than 3 years ago | (#35019590)

If telnet reminds you of when you were young you aren't old.

Re:Good ole days (1)

zach_the_lizard (1317619) | more than 3 years ago | (#35019920)

He could very well be. Wikipedia says Telnet was under development in 1969. He could have old enough at the time to have used it.

Misleading headline (4, Insightful)

antifoidulus (807088) | more than 3 years ago | (#35019298)

Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"

Re:Misleading headline (1)

Ngarrang (1023425) | more than 3 years ago | (#35019366)

Um, the reason they are using telnet is because it's trivial to hack, in other words the headline should read "hackers hacking easiest to hack service on poorly configured machines, also water is wet, details at 11"

If I had a mod point, you would have it. This is so true. The hackers can only hack what you've left connected and unsecured. What happened to the policy of closing every port, then open up the one's you actually need.

Re:Misleading headline (1)

Media_Scumbag (217725) | more than 3 years ago | (#35019558)

Yes, that headline would be more suitable, but the analogy is trite. Water is not "wet" when it is a solid, or a vapor. I wish people would let this expression die.

Re:Misleading headline (0)

Anonymous Coward | more than 3 years ago | (#35019832)

I reject your argument... When water is called water, it is wet. If it is solid, it's called ice, and when it is a vapor it is called steam or "water vapor" (always those two words together). If someone says "water" they're almost always talking about liquid water, unless they are a scientist (not a news reporter).

Hackers (0)

Anonymous Coward | more than 3 years ago | (#35019312)

Wait, when did Slashdot start calling computer criminals hackers?

Hackers Bringing Telnet Back? (5, Insightful)

crow_t_robot (528562) | more than 3 years ago | (#35019326)

How can hackers bring telnet attacks back if admins don't run telnet? Should the headline say "Admins are bringing telnet back and getting bitten in the ass for it?"

Re:Hackers Bringing Telnet Back? (2)

gsslay (807818) | more than 3 years ago | (#35019494)

Probably less a case of admins "bringing it back" and more a case of admins forgetting, or being oblivious to it being there in the first place. More and more admins will have scarcely used telnet ever in their professional lives, and so will overlook its presence on their servers. Ideal for hackers.

Re:Hackers Bringing Telnet Back? (3, Insightful)

heathen_01 (1191043) | more than 3 years ago | (#35019662)

Its stretching credibility that admins won't know about telnet, but sure I can accept that. However I can't accept an admin missing that an unknown service is running and accepting connections on port 23 that the admin is oblivious about.

Re:Hackers Bringing Telnet Back? (1)

scorp1us (235526) | more than 3 years ago | (#35019804)

What has happened here, is only the outdated, maintained systems are still running telnet. This corresponds to a likely weak password. And if no one is obsoleting it, then no one is really watching it either. It has now become the forgotten-about low-hanging fruit.

Re:Hackers Bringing Telnet Back? (1)

scorp1us (235526) | more than 3 years ago | (#35019904)

"outdated, UNmaintained systems" - FTFM

Re:Hackers Bringing Telnet Back? (0)

Anonymous Coward | more than 3 years ago | (#35019952)

Are they bringing it back or are more devices being added which still support telnet for legacy reasons?

We switched camera systems due to a standardization effort and now each encoder has telnet open. They should be firewalled from the internet, but a number of times I've found new one which were not properly firewalled.

Personally, I would like to see them using https as the units support telnet, http, and https. An organization as big as ours really should have a way of distributing certificates from an internal CA with minimal cost. While we're not allowed to call them security cameras, we're no longer allowed to view archive footage for fear we'll leak it, so I think they should be protected better then using telnet.

Who's bringing Telnet back? (1)

Anonymous Coward | more than 3 years ago | (#35019386)

It's not the hackers that are bringing Telnet back, it's the IT departments that are deploying such services or forget to disable them when devices have it by default. You would think (*hope*) in this day and age that a professional IT department would be aware of such things, but seems our hopes are dashed.

Most devices have alternative connectivity protocols that can be used and at the very least if Telnet must be used, provide a VPN/SSH tunnel to the network from the outside or entertain a more restrictive firewall policy to contain the source IP's on that port to a manageable group.

Slashdot article about telnet in 2011 (0)

Anonymous Coward | more than 3 years ago | (#35019664)

LOL... just LOL...

WTF happened to this place? xD

Are we going to compare the speed of Amiga kickstarts next?

Duh (1)

SJ2000 (1128057) | more than 3 years ago | (#35019732)

Too many networking manufacturer's still only have their gear accessibly only by telnet. Duh.

In Soviet Russia... (0)

Anonymous Coward | more than 3 years ago | (#35019770)

Telnet hacks YOU!

Get your hackin' on (4, Funny)

llManDrakell (897726) | more than 3 years ago | (#35020148)

I'm bringin' telnet back.
Them other protocols don't know how to act.
I think it's special what's inside your rack.
So enable the service and I'll begin to hack.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...