Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Can anyone explain telnet?

  1. #1

    Can anyone explain telnet?

    I was just wondering; how big of a role does it play in network security?

  2. #2
    Take a look at the following link...

    http://en.wikipedia.org/wiki/TELNET#Security

    My recommendation is to never use telnet unless you are in a closed environment.

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    the only time I use it for anything is trouble shooting connection issues....very insecure...and AFAIK all data passes in clear txt

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Junior Member BabyNet's Avatar
    Join Date
    Oct 2003
    Location
    Underground base in the mountains.
    Posts
    18
    You can go to your favorite search engine and lookup the RFC for Telnet. You can learn more about it there. If security issues is your concern then don't use it. It doesn't have an encryption program for secure communications. Other security issues are man-in-the-middle attacks, unpatched exploites, DDOS attacks, etc. The SSH program is more secure and more people use it.
    Salmos 23:4 Aunque ande en el valle de sombra profunda, no temo nada malo, porque tu estas conmigo; tu vara y cayado son las cosas que me consuelan.

  5. #5
    Ok I see why. So would finding a SSH server that works independently be ok? or one that has an account that works through the telnet protocol line? and if it is so bad then why is it considered extremely useful to hackers?

  6. #6
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Hmm...thats good. well all you experts tell about telnet is good and it has rasen some questions in mt notorious mind:

    WHy is there no secure connection for telnet? Is it just for the sake of standards?

    Is telnet really so insecure to log into any other computer than your own network?

    Can telnet be used for hacking purposes like thoe FTP commands which once upon a time used to deface websites??? I know this tool has a wide use but why is it so much critisized here....by that I do not tend to support it but want points in favour from your side to explain why you people tend to stay away from it!???
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  7. #7
    Junior Member BabyNet's Avatar
    Join Date
    Oct 2003
    Location
    Underground base in the mountains.
    Posts
    18
    Well, in my opinion. I rarely use telnet because it logs both the username and password on a computer that a person has logged in remotely.

    to heiress: You can download OpenSSH if you don't have it on your computer. There is a windows version too.
    Salmos 23:4 Aunque ande en el valle de sombra profunda, no temo nada malo, porque tu estas conmigo; tu vara y cayado son las cosas que me consuelan.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188


    and if it is so bad then why is it considered extremely useful to hackers?
    Because it is so bad.

    WHy is there no secure connection for telnet?
    Because it is effectively obsolete?

  9. #9
    Junior Member BabyNet's Avatar
    Join Date
    Oct 2003
    Location
    Underground base in the mountains.
    Posts
    18
    Here is a clearer description of what I posted earlier:

    Both SSH and Telnet are basicly the same, you have a text-base interface which you can type commands. The difference is that ssh is encrypted and telnet is not. When you are using telnet to access a system, the entire connection — including your password, all commands you type, and all email you read and send — travels in cleartext and can be easily intercepted and read by a malicious user (man-in-the-middle). With ssh, all of your passwords and data are encrypted first through a secure process that is much less sesceptible to eavedropping and interception.
    Salmos 23:4 Aunque ande en el valle de sombra profunda, no temo nada malo, porque tu estas conmigo; tu vara y cayado son las cosas que me consuelan.

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    Let's cover some things here because there's a lot of bs, questions and falsehoods flying around here..

    Telnet is a dated protocol. It isn't encrypted for the same reason that HTTP, IMAP, SMTP and POP3 aren't encrypted.. it's from a time when encryption didn't seem overly important in the grand scheme of things... Closed networks, etc... It was fast and it worked... Even now there's nothing wrong with telnet in a secure evironment.

    SSH was introduced (in part) as a telnet replacement.. SSH (Secure SHell). Originally there was SSH 1... this protocol had some major flaws and was subject to MITM attacks and other problems... Now we have SSH 2 which is more secure and more reliable... The key thing to remember is that SSH does NOT have to be encrypted... SSH can negotiate an unencrypted session in which case is it is no more secure than telnet. You have to remember that SSH provides other capabilities that weren't present in telnet... SSH is effectively a replacemen for both telnet and ftp. It also provides the capabilities to tunnel sessions allowing it to also act as a secure proxy. There is a trade off though... SSH requires more overhead as everything in the transaction has to be encrypted and decrypted. SSH (if you transfer key fingerprints yourself) also provides a method of verifying the identity of the host you are connecting to... This provides protection against MITM attacks (mind you people that just say yes and accept every new key fingerprint don't benefit from this safety feature).

    There are two things to cover additional... There is actually an encrypted telnet (just like there's encrypted http and encrypted ftp)... they all make use of SSL... so yes, you could setup telnet-ssl and have your telnet sessions encrypted via SSL..

    Lastly... Telnet as a client is considered extermely useful to "hackers" not telnet as a server... telnet as a client can be used much like netcat is used... you can connect to any port and send data back and for... It's a very basic socket client and that's why it is considered useful.

    BabyNet: You refer to sniffing (of telnet data) as a MITM... This is incorrect... Sniffing and MITM are two completely different things... Although it seems accurate to say that sniffing is done by a man-in-the-middle, this is incorrect... MITM is causing data to be sent to you (and quite often through you)... this isn't the case with sniffing

    Peace,
    HT

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •