Attacking Web Application Management: Telnet

  • 671
  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    672
    Shares

Telnet is a user command and an underlying TCP/IP protocol for accessing remote computers, it is a cleartext protocol and, as such, is vulnerable to eavesdropping attacks by network intermediaries (someone can sniff your Telnet password in transition between you and the web server).

Sniffing is a data interception technique. Sniffer is a program that monitors or reading all network traffic passing in and out over a network. Telnet, Relogin, FTP, NNTP, SMTP, HTTP, IMAP that all protocols are vulnerable for sniffing because it transfers data and password in clear text.  Moreover, why even take the risk when protocols like SSH (Secure Shell) are available and offer much better security?

If you are interested in seeing if your web servers are using Telnet, you can scan for TCP port 23 with any decent port scanner (Nmap) or just open a command prompt and attempt to open a Telnet connection to the web server. We also recommend performing a full port scan on each of your web servers to identify Telnet services that might be listening on non-standard ports. Changing the default port is an ineffective practice (a perfect example of security through obscurity) that is, although, very common among system administrators.

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Latest posts by Unallocated Author (see all)

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!