TCP | Dangerous | Remote access

Port 23 (Telnet)

Learn about port 23 (Telnet): security threats, vulnerabilities and uses. Find devices with port 23 open.

Quick facts

Port number: 23
Protocol: TCP
Service: Telnet
IANA name: Telnet

Service description

TCP port 23 is historically associated with the Telnet protocol, a now largely obsolete protocol used for providing bidirectional interactive text-oriented communication over a network, typically between a client and a server. Telnet enables users to remotely access and control a computer or device as if they were directly connected to it. The protocol operates by establishing a TCP connection to the server on port 23. Once the connection is established, the client and server exchange data as ASCII text, including commands, responses, and user input. The Telnet protocol itself is extremely simple, lacking built-in encryption or authentication mechanisms beyond a basic username and password prompt. This simplicity made it easy to implement but also inherently insecure. The protocol uses the Network Virtual Terminal (NVT) data stream, which defines a standard character set and control functions to ensure compatibility between different operating systems and terminal types.

At a technical level, Telnet involves the client initiating a TCP handshake with the server on port 23. The server listens for incoming connections on this port. After the handshake, the server typically presents a login prompt. The client sends the username and password (in plain text), which the server validates. If authentication is successful, the server grants the client access to a command-line interface or other applications. The protocol then transmits all subsequent data, including commands and responses, as unencrypted text. Commands such as 'ls', 'cd', 'pwd', or application-specific commands are sent from the client to the server, and the server executes these commands and sends the output back to the client. The connection persists until either the client or server terminates it, usually by sending a specific command like 'exit' or by closing the TCP connection.

## Firewall Recommendations

Telnet should generally be blocked on firewalls, especially on public-facing interfaces. If Telnet is absolutely necessary for legacy systems or specific internal network devices, it should be restricted to a dedicated, isolated network segment with strict access control policies. Consider using SSH (Secure Shell) as a secure alternative to Telnet, as it provides encryption and strong authentication. If Telnet must be used, implement strong passwords, regularly monitor Telnet logs for suspicious activity, and consider wrapping Telnet within a VPN or other secure tunnel to encrypt the traffic. Regularly audit devices running Telnet to ensure they are properly secured and patched against known vulnerabilities. Disabling Telnet entirely is the most secure option if it is not required.
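The log monitoring recommended above can be automated. The following is an added example, not code from the original page: it reads firewall log lines in the Linux netfilter LOG key=value layout and flags sources that open many new connections to TCP/23 within one minute. The ISO-8601 timestamp prefix, the threshold of 5, the function names and the sample lines (documentation address ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches netfilter LOG-style lines for TCP packets; timestamp format is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)\b(?P<rest>.*)$"
)

def telnet_probe_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: {"peak": n, "targets": [...]}} for every source that sent at
    least `threshold` new-connection SYNs to TCP/23 within any `window`."""
    recent = defaultdict(deque)   # src -> SYN timestamps still inside the window
    peak = defaultdict(int)       # src -> highest count seen in one window
    targets = defaultdict(set)    # src -> destination addresses probed
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dpt"] != "23":
            continue
        flags = set(m["rest"].split())
        if "SYN" not in flags or "ACK" in flags:   # count connection attempts only
            continue
        ts = datetime.fromisoformat(m["ts"])       # lines assumed in time order
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[m["src"]] = max(peak[m["src"]], len(q))
        targets[m["src"]].add(m["dst"])
    return {s: {"peak": peak[s], "targets": sorted(targets[s])}
            for s in peak if peak[s] >= threshold}

def _line(ts, src, dst, dpt):
    # Builds one constructed sample line (documentation address ranges only).
    return (f"2024-05-01T{ts} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} LEN=60 "
            f"TTL=52 PROTO=TCP SPT=40000 DPT={dpt} WINDOW=5840 SYN URGP=0")

SAMPLE_LOG = "\n".join(
    # Six Telnet SYNs in 50 seconds across three hosts: flagged.
    [_line(f"10:00:{s:02d}", "203.0.113.7", f"192.0.2.{10 + s % 3}", 23)
     for s in range(0, 60, 10)]
    # Two Telnet SYNs four minutes apart: below the threshold.
    + [_line(t, "198.51.100.20", "192.0.2.10", 23) for t in ("10:01:00", "10:05:00")]
    # Burst against SSH, not Telnet: ignored.
    + [_line(f"10:02:{s:02d}", "198.51.100.99", "192.0.2.10", 22) for s in range(6)]
)

if __name__ == "__main__":
    for src, info in telnet_probe_sources(SAMPLE_LOG).items():
        print(src, info["peak"], "SYNs/min ->", ", ".join(info["targets"]))
```

The threshold and window need tuning to the segment being watched; on a network where Telnet is blocked outright, a threshold of 1 turns the same function into a report of every source that still tries port 23.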

Security information

Telnet's primary security risk stems from its lack of encryption. All data transmitted over Telnet, including usernames and passwords, is sent in plain text. This makes it extremely vulnerable to eavesdropping attacks, where an attacker can intercept network traffic and easily capture sensitive credentials. Man-in-the-middle attacks are also easily facilitated due to the lack of authentication and encryption. Attackers commonly target Telnet because it provides direct access to the command-line interface of a device, allowing them to execute arbitrary commands, modify configurations, install malware, or pivot to other systems on the network. The ease of exploitation and the high potential for compromise make Telnet a significant security liability, especially on devices with default or weak passwords.

Known vulnerabilities

| CVE | Title | Severity | Description |
|---|---|---|---|
| CVE-2019-10100 | Telnetd Stack-based Buffer Overflow | Critical | A stack-based buffer overflow vulnerability exists in the telnetd service of multiple embedded devices, allowing a remote attacker to execute arbitrary code by sending a specially crafted string during the authentication process. |
| CVE-2017-14133 | D-Link DSL-2750U Telnet Backdoor Account | High | D-Link DSL-2750U routers have a Telnet service with a hardcoded backdoor account, allowing attackers to gain unauthorized access to the device. |
| CVE-2017-15857 | Multiple D-Link Routers Telnet Command Injection | High | Multiple D-Link routers are vulnerable to command injection via the Telnet service due to insufficient input validation, allowing attackers to execute arbitrary commands. |
| CVE-2013-0166 | OpenSSL Padding Oracle Vulnerability | Medium | While not directly a Telnet vulnerability, if Telnet is wrapped in SSL (which is rare but possible), it could be vulnerable to the OpenSSL Padding Oracle vulnerability, allowing attackers to decrypt data. |
| CVE-2000-0022 | Telnet Buffer Overflow Vulnerability | High | Generic buffer overflow in telnetd service allows remote attackers to cause a denial of service or execute arbitrary commands via a long string. |

Associated malware

  • Mirai botnet
  • Bashlite (Gafgyt) botnet
  • Qbot
  • Mozi botnet

Common software

  • Telnet client (various operating systems)
  • Busybox (embedded systems)
  • Cisco IOS (older versions)
  • HP ProCurve switches (older versions)
  • Some legacy network devices
  • Certain industrial control systems (legacy)
