

Hackers turn back the clock with Telnet attacks - alphadoggs
http://www.networkworld.com/news/2011/012711-hackers-turn-back-the-clock.html

======
trotsky
SANS seems to think quite differently:

<http://isc.sans.edu/reports.html>

Only one of their 3 top ten ports even lists telnet, it doesn't show in the
total volume one.

Top 10 Ports by Targets

    
    
      Port	Targets
      22	83923
      1433	69095
      445	44441
      1434	43076
      3389	30991
      80	17262
      139	12637
      137	8677
      4559	8246
      23	6562 <- telnet port, total: 0.02% of top ten
    

That 0.02% seems to jibe with what I expected based on seing my own deny logs.
I'm not sure what's up with the akamai report because I didn't feel like
giving them my email just to let me read something that sounds wildly
inaccurate, but I'm calling BS.

Perhaps akamai themselves often leaves telnet open (on some network hardware
they use?) and are being targeted specifically.

~~~
wnoise
I had no idea what 1433 was. Turns out it's "Microsoft SQL Server", 1434 is
"Microsoft SQL Monitor", 3389 is Remote Desktop.

4559 is apparently "hylafax", but I have no idea what that is.

(22 is of course ssh, 445 is SMB, 80 is HTTP, 137 and 139 are netbios name and
session service, respectively.)

~~~
derobert
Hylafax is an open-source fax server. Ran it a long time ago, surprised to see
its still around. People still use faxes?

<http://www.hylafax.org/content/Main_Page>

------
jacquesm
Is anybody still running a telnet daemon then?

Man, I can't even remember when I last used telnet to actually access a host
rather than to use it to test if some text protocol worked as expected.

What's next? rsh?

~~~
viraptor
Loads of managed switches, home routers, power control devices, etc. have
telnet turned on by default (not the new ones though) - maybe they are the
target?

~~~
JonnieCache
Yep. Telnet is standard in embedded devices where there is neither the CPU
power nor the electrical current available to support encrypted protocols like
SSH.

------
BoppreH
For a moment I though this was an unusual attack that changes the system time.

------
mindcrime
If they really want to turn back the clock, they'll bring back Telenet.
<http://en.wikipedia.org/wiki/Telenet>

------
ams6110
_Administrators are generally advised to disable Telnet if the protocol is not
used to prevent attacks targeting it, but some forget_

I'd like to know which OS in recent memory installed with telnetd running by
default? None I'm familiar with.

------
code_duck
Interesting... so what's going on there, I wonder. Why do these corporate
networks have port 23 open?

