logoalt Hacker News

trebligdivadyesterday at 11:53 PM11 repliesview on HN

Why are people still using telnet across the internet in this century? Was this _all_ attack traffic?

(OK, I know one ancient talker that uses it - but on a very non-standard port so a port 23 block wouldn't be relevant)

Replies

jaredsohntoday at 12:04 AM

To watch Star Wars in ASCII.

telnet towel.blinkenlights.nl https://www.youtube.com/watch?v=Mhcf6tc2jeQ

(Remember hearing about this a long time ago (from some searching I think it was in 1999 via Slashdot) and verified some instance of it still exists/works.)

show 2 replies
0xbadcafebeetoday at 1:27 AM

Telnet is used in legacy, IoT, embedded, and low-level industrial hardware. It's also intentionally enabled on devices where automation was written for telnet and it wasn't easy to switch to ssh.

If you investigate most commercial uses of ssh, the security is disabled or ignored. Nobody verifies host keys, and with automation where hosts cycle, you basically have to disable verification as there's no easy way around the host keys constantly changing. Without host key verification, there's kinda no point to the rest.

Even assuming the host keys were verified, the popular ssh conventions are to use either long-lived static keys (and almost nobody puts a password on theirs), or a password. Very few people use SSH with 2FA, and almost no-one uses ephemeral keys (OIDC) or certificates (which many people screw up).

So in terms of how people actually use it, SSH is one of the least secure transport methods. You'd be much more secure by using telnet over an HTTPS websocket with OAuth for login.

show 3 replies
iamnotheretoday at 12:39 AM

Hams use it over packet radio sometimes since encryption is forbidden on the amateur bands.

IMHO we need a good telnet replacement that sends signed data. Most people interpret signatures as allowed under FCC rules, just not encryption.

show 1 reply
rcakebreadtoday at 12:55 AM

One? All the talkers still use it and all the MUDs/MOOs etc. far out number the talkers.

show 1 reply
mcpherrinmyesterday at 11:55 PM

As I understand it, greynoise is monitoring scanner traffic, so yes this would all be scans or attacks

Quarreltoday at 2:02 AM

Probably one of the reasons this bug survived so long is that it isn't used much for priveleged access any more, but so you can play a moo or play you an ASCII movie, as people below you are replying.

para_parolutoday at 1:17 AM

Aardwolf works well from my work laptop. And I don’t care if someone sees what I’m doing

show 1 reply
mykotoday at 2:27 AM

I run a DikuMUD that users connect to using Telnet

I really should update it to allow more secure options

show 1 reply
omegahamtoday at 1:17 AM

nethack.alt.org still maintains a telnet server!

show 1 reply