Can Microsoft's Telnet become a security threat to Windows XP users? Is there a way to firewall it so that in can not be used as an exploit?
Printable View
Can Microsoft's Telnet become a security threat to Windows XP users? Is there a way to firewall it so that in can not be used as an exploit?
Quote:
Originally posted here by Tetrismaster101
Can Microsoft's Telnet become a security threat to Windows XP users?
Telnet is a security threat in general. Anything plain text should never accept a password.
Quote:
Is there a way to firewall it so that in can not be used as an exploit?
.... Are you talking about using it or...?
I would worry about using it for anything other than something which requires Telnet and telnet only. Which I doubt anything does anymore unless yuo have some shitty legacy application with no SSH support.
As for exploits, it is an application and ALL applications can be hacked / cracked one way or another because it's code, and anything written and compiled has an error somewhere.
Windows XP, the firewall it comes with is crap and there was recently another security flaw found in it which took half a year to fix, I wouldn't recommend it at all.
You really should be a bit more descriptive. I interpreted your question 9 ways, and I'm not going into each way.
yes telnet is a security risk. You can block the port telnet uses(23?) with any decent firewall, and not use it. You could use something like SSH or Putty to do your telnet stuff.
The only remaining need for telnet is in older network hardware, routers and ****.
Instead of using your browser, you had to telnet to the router.
Oh yeah... Wargames too.
Telnet is not a security hole. The telnet server is.
So pretty much the same thing I said worded differently?
You can actualy switch off Telnet Service on Windows. Go to
"Control Panel - Administrative Tools - Services"
Find "Telnet Service" in there,
Rightclick on it and in the "Propeties - Startup Type"
change the field to "Manual" or "Disabled"
Hope it helps you
Telnet is a part of TCP/IP protocols and can become a threat to you. People can use it to Log on to your PC from the distance and actualy overtake it. They can also use Telnet option to conect to other ports of your PC except port 23. If I'm not mistaken, Telneting to port 15 will give an attacker the infor about your PC, e.g. which operating system are you runing and some of the services. I think that most of the firewalls heve these two ports blocked as default same as most of the others.
We really need more information from the requestor to properly understand the question. If he is talking about the telnet client in XP, than yes, it has a major flaw that had a patch released just last week.
There really is no longer a telnet client in XP, it is integrated into hyperterminal, which has this flaw-
http://www.microsoft.com/technet/sec.../ms04-043.mspx
Good tip. I wonder what reason a typical user would have for enabling this service? I keep it disabled on all my boxes.Quote:
Originally posted here by nightcat
You can actualy switch off Telnet Service on Windows. Go to
"Control Panel - Administrative Tools - Services"
Find "Telnet Service" in there,
Rightclick on it and in the "Propeties - Startup Type"
change the field to "Manual" or "Disabled"
Hope it helps you
Telnet is a part of TCP/IP protocols and can become a threat to you. People can use it to Log on to your PC from the distance and actualy overtake it. They can also use Telnet option to conect to other ports of your PC except port 23. If I'm not mistaken, Telneting to port 15 will give an attacker the infor about your PC, e.g. which operating system are you runing and some of the services. I think that most of the firewalls heve these two ports blocked as default same as most of the others.
Happy Holidays, -ah f#$^% it -enough of the policaly correct BS - Merry Christmas,
-D
MS telnet is configured to use NTLM authentication by default not plain text so you must be authenticated on the network before you can use it. but the option is in the server config. to allow plain test. if your behind a firewall in a trusted environment there is no problem with using telnet. with NTLM only those users that have permissions to logon to a computer running a telnet server can do so.
if you have no use for it... turn it off. just like any other service.
Explain to me what "NTLM" is? I usually don't just go into my box and just turn everthing off that i don't need, cuz if i did that i wouldn't have a box anymore, knowing me i would end up shutting something off that wasn't suppose to be turned off.
Should never accept a password? So you won't mind me fooling around your account here then?Quote:
Telnet is a security threat in general. Anything plain text should never accept a password.
This will explane NTLM: http://www.innovation.ch/java/ntlm.htmlQuote:
Explain to me what "NTLM" is? I usually don't just go into my box and just turn everthing off that i don't need, cuz if i did that i wouldn't have a box anymore, knowing me i would end up shutting something off that wasn't suppose to be turned off.
Plenty of threads here that detail what services can safely be turned off, have a browes around.
Telnet in general by itself is not a security threat, windows does not include a telnet server by default. But plain text protocols like telnet are extremely more at risk from man-in-the-middle attacks. But if you dont use it no use.
Hey Hey,
I can't believe how long this thread has gone on for and how no one has really said anything... There were one or two original comments and then everyone else regurgitated the same thing. The misinformation/bad representation of the information has to be the worst part
I usually don't have a beef with what gore says.... but this was a little much. While it's true that we shouldn't have any passwords traversing the network in plain text... Most major protocols do... POP3, SMTP, HTTP... This is why we have secure versions of those protocols however they aren't taking off very well... Millions of passwords travel in the form of electrical and optical pulses every day.... The majority of them are plaintext. If we were to start encrypting everything that passed over the internet we'd eventually notice a speed decrease.Quote:
Telnet is a security threat in general. Anything plain text should never accept a password.
PuTTY is simply a SSH/Telnet client... It doesn't even warrant mentioning here. As for the firewall why mention it? You could disable the service much easierQuote:
yes telnet is a security risk. You can block the port telnet uses(23?) with any decent firewall, and not use it. You could use something like SSH or Putty to do your telnet stuff.
Older network hardware eh? I could show you a lot of hardware that still uses telnet.Quote:
The only remaining need for telnet is in older network hardware, routers and ****.
Instead of using your browser, you had to telnet to the router.
Oh yeah... Wargames too.
Telnet is not a security hole. The telnet server is.
As far as the browser thing.... real routers may have a Web Interface, but very few people use them... they are slow and bulky... Most people telnet into their routers. The idea of using a Website to configure a 'router' has been brought on by the home router generation of crap.
How does telnet benefit a wargame?
The telnet server is not a security hole... As long as it's up-to-date there's nothing wrong with it.... If you are looking for a security hole it would be the transmission of clear text passwords (or NTLM by default (in Windows) as Tedob1 pointed out)... this has nothing to do with the server... It's the protocol.
This still presents problems... Anyone with a copy of l0phtcrack could quite easily break the NTLM and have your username, password and domain. You also have to consider that anything after the username and password is still sent in plain text.Quote:
MS telnet is configured to use NTLM authentication by default not plain text so you must be authenticated on the network before you can use it. but the option is in the server config. to allow plain test. if your behind a firewall in a trusted environment there is no problem with using telnet. with NTLM only those users that have permissions to logon to a computer running a telnet server can do so.
Quote:
There really is no longer a telnet client in XP, it is integrated into hyperterminal, which has this flaw-
It definately has a telnet client.Code:C:\WINDOWS\system32>telnet
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet> quit
C:\WINDOWS\system32>dir telnet.exe
Volume in drive C has no label.
Volume Serial Number is 6055-A700
Directory of C:\WINDOWS\system32
08/04/2004 12:56 AM 75,264 telnet.exe
1 File(s) 75,264 bytes
0 Dir(s) 1,037,418,496 bytes free
C:\WINDOWS\system32>
Quote:
Telnet in general by itself is not a security threat, windows does not include a telnet server by default
Looks like there's a telnet server too.Code:iexplore 2800 8 28 725 31604 0:00:34.562 3:54:05.500
cmd 2968 8 1 31 1912 0:00:00.109 0:03:39.218
mmc 2260 8 9 250 7624 0:00:00.671 0:00:57.125
tlntsvr 3740 8 4 103 1068 0:00:00.046 0:00:37.921
pslist 3844 13 2 91 752 0:00:00.046 0:00:00.015
C:\WINDOWS\system32>dir tlntsvr.exe
Volume in drive C has no label.
Volume Serial Number is 6055-A700
Directory of C:\WINDOWS\system32
08/04/2004 12:56 AM 73,216 tlntsvr.exe
1 File(s) 73,216 bytes
0 Dir(s) 1,037,352,960 bytes free
A Default install of Windows will have both a client and a server. I find the client quite handy. I use it to connect to mail servers, grab http headers and raw html source code, among other uses. I occasionally use it
There's really only one answer to this question.... It's not:
Telnet is secure.
Telnet isn't secure.
The Telnet client is secure.
The Telnet client isn't secure.
The Telnet server is secure.
The Telnet server isn't secure
The answer is... 'Is telnet secure enough for your needs?'
You have to weigh the facts.
1. There are two major terminal protocoles (Telnet and SSH)
2. Telnet will be quicker (although this speed most likely won't be noticed with most of today's computers and internet connections) because it doesn't require authentication.
3. A Telnet Client is available by default on most, if not all, modern operating systems.
4. Telnet, by definition, transmits in clean text... anyone with a sniffer can view this data.
5. If you are using NTLM hashes you risk the chance of someone sniffing and quite easily cracking them. They'll then have your windows Username and password.
6. There are flaws in both the telnet and ssh servers. Lately, because of it's popularity and because it's younger, ssh has had more vulnerabilities discovered.
Now look at your purposes.
1. Am I on a Trusted network (my own vlan, or a home network).
2. Does my communication have to traverse the internet.
3. Am I using a VPN into a corporate environment (Data is already encrypted by the VPN). If so... what's on the other end of the VPN... is there a segment that I don't trust in the network.
4. Do I really need either of the services.
Anyways... that should beat this thread to death with a rather large stick.
Peace,
HT
HT how come my trusted environment (people & network) gets a guy with a copy of l0phtcrack and your trusted network doesn't?Quote:
Originally posted here by HTRegz
Now look at your purposes.
1. Am I on a Trusted network (my own vlan, or a home network).
Hey Hey,Quote:
Originally posted here by Tedob1
HT how come my trusted environment (people & network) gets a guy with a copy of l0phtcrack and your trusted network doesn't?
Sorry, it didn't come out how it was supposed to... I was just trying to point to point out that NTLM just adds a false sense of security... In a real trusted environment it wouldn't matter if you used NTLM or plaintext because both should be secure. So plaintext is fine.... if you are relying on NTLM to protect your username and password... you are just fooling yourself....
That was the point I was trying to get across.
Peace,
HT
No one has explained to me what "NTLM" means
Quote:*takes out spoonQuote:
Originally posted here by jinxy
This will explane NTLM: http://www.innovation.ch/java/ntlm.html
Plenty of threads here that detail what services can safely be turned off, have a browes around.
Google is your friend: www.google.com
http://www.google.com/search?hl=en&q...=Google+Search
http://www.geocities.com/rozmanov/ntlm/