Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie

 I mentioned to my collegue that I would be writing a Handler diary today about telnet, his ears perked up and he said, "That's my favorite protocol, you know!". I'll bet there are a lot of you out there with the same enthusiasm about this age old favorite. 

Telnet is a grandpa(ma) of protocols.  It was the first application protocol on ARPAnet in 1969.  The RFC number is two digits for goodness sake!  RFC97, First Cut at a Proposed Telnet protocol, February 1971.  Peeps, the song of the year was "Joy to the World" by Three Dog Night!  Dev continued during the 70's and the final version was released in May of 1983. (Every Breath You Take, by The Police, if you were wondering). 
It took a while to deal with the difficulty in communicating with different manufacturers.  NVT (Network Virtal Terminal) standardized and fictionalized the terminal to enable a communication standard. Telnet is a symetric communication on port 23 between a Telnet Client and Telnet Server.  Quality of service is reliable, rate controlled and fully-duplexed protocol.  IDS Behavior consists of burst activity during the session initiation, and only occasionally thereafter.
 
One of the first "user friendly" telnet application programs was a weather warning site.  Things we take for granted now. Log into the application and your choices were wind, temperature, etc.  Telnet is also usable through SMTP and HTTP. You can mail, you can "GET"... what else could you want in a tool? 

Telnet is priceless to engineers troubleshooting routers and switches.  It is also a hackers first choice in the pen-test of your network.  Easy catch! 

The old cyber doomsday scenario serves to entertain but remind us, even as we laugh, that there is no such thing as a 100% secure computer. What are your telnet settings? 

Tell us an oldy but goody about your experience with this wonderful protocol. We'll will post the most entertaining with the group as they come in.

Come on ......Jeramiah was a bullfrog!.... WoooooHooooo!
 

Mari Nichols

Handler on Duty

Mari Nichols

76 Posts
Ahh telnet... I still remember the time I first connected to 110 to interact with POP. Come to that, back in the day I used to build a command interpreter (listening somewhere) into every daemon I wrote so I could telnet to it and control it.

I also love how in this ssh/tls world it's still there, inside openssl.
Keith

1 Posts
Oh, telnet. What fun. Aside from standard "debugging" uses (SMTP/POP3/Etc), I have fond memories of "nic.ddn.mil" to do "whois" lookups on. A good old DEC 2010 (I think?) running TOPS20. Aside for using it for "real" work, without logging in, you could see "who" was on the system and send messages back and forth. Similar to a IRC style of communications. Nobody really "uses" telnet anymore, but I do run a couple of projects that still utilize it. Mostly for nostalgic purposes. telnet://bbs.telephreak.org (Linux based EBBS software, similar to the old "l0pht" BBS). That acts like a old ROLM phone system at login. Also
telnet://deathrow.vistech.net which is a public/open access OpenVMS cluster. Yeah, we use SSH on the cluster, but telnet (and finger!) is still enabled for grins.

I have to say, the over view on ports and usage has been a very entertaining one!
Anonymous
The good old telnet.
Even a few years back on my university people watched it with awe.
It gave them the "matrix" feeling of some arcane syntax that ony the person on with the keyboard could understand ;)
Algis

5 Posts

Sign Up for Free or Log In to start participating in the conversation!