Hackers Bringing Telnet Back 238
alphadogg writes "A new report from Akamai Technologies (CT: Requires login) shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks.
The report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol used to log into remote servers but that has been gradually replaced by SSH."
Re:who still uses telnet? (Score:5, Informative)
Re:who still uses telnet? (Score:4, Informative)
SSH isn't always an available option.
At work our primary application is a telenet app that logs into a specific server. Of course we aren't stupid enough not to use VPN's, and packet filtering to go outside the network(or back in). We tried to upgrade to more secure connection but found the clients to be lacking about 1/2 the features found in the simple telenet client. We were told some of those features might be in the next release or two in three - five years.
Since businesses get locked into vendor lock-in pretty hard it is very tough to move out. You get stuck doing things insecurely or working around bad security because upgrading isn't possible without millions of dollars being spent uselessly(paying a vendor to bring their applications up to the year 2000 standards).
I know of one company that used Win16 subsytem as a vital part of their application up until last year. they refused to upgrade it because it worked even though in order to install the application on windows XP often required rebooting into safe mode to bypass enough security to let it install. This Application was the only way to work with their product line too with quarterly updates to the data it contained. Oh and you have to upgrade the entire application in order to update the data inside.
It is those kinds of practices that make obsolete tech like telenet still exist.
Re:People stopped using Telnet? (Score:5, Informative)
So you mean telnet the program, not telnet the protocol-- what the article was about?
Re:who still uses telnet? (Score:3, Informative)
You might have better success with even a semi-valid HTTP/1.1 request such as
GET / HTTP/1.1
Host: www.google.com
Also, using telnet here is redundant. You should consider using one [sourceforge.net] of [openbsd.org] the [sourceforge.net] several [nmap.org] netcats [deepspace6.net] available [dest-unreach.org]. Some even support nice features like SSL encryption, so you can make encrypted requests to to the https port (443).
Re:who still uses telnet? (Score:4, Informative)
Printers? (Score:5, Informative)