| ▲ | AnonHP 18 hours ago |
| So Telnet as a client is not dead though, right? A long time ago, I used to use the Telnet client to talk to SMTP servers (on port 25) and send spoofed emails to friends for fun. With port blocking widening in scope, I’ve long believed that we would one day have every service and protocol listening on port 443. Since all other ports are being knocked off in the name of security, we’ll end up having one port that makes port based filtering useless. |
|
| ▲ | mmh0000 18 hours ago | parent | next [-] |
| netcat, socat and openssl s_client are all available for general manual connection testing. As are many other tools. But the ones above are basically far better direct telnet alternatives. |
| |
| ▲ | EE84M3i 17 hours ago | parent | next [-] | | I've never really understood why it's a thing to use a telnet client for transmitting text on a socket for purposes other than telnet. My understanding is that telnet is a proper protocol with escape sequences/etc, and even that HTTP/SMTP/etc require things like \r\n for line breaks. Are these protocols just... close enough that it's not a problem in practice for text data? | | |
| ▲ | degamad 15 hours ago | parent | next [-] | | Because for a long time, on most computers, the telnet client was the closest thing to an "open a tcp socket to this ip/port and connect the i/o from it to stdin/stdout" application you can get without installing something or coding it up yourself. These days we have netcat/socat and others, but they're not reliably installed, while telnet used to be generally available because telnetting to another machine was more common. These days, the answer would be to use a netcat variant. In the past, telnet was the best we could be confident would be there. | | |
| ▲ | SoftTalker 3 hours ago | parent | next [-] | | In corporate environments, netcat was often banned as it was seen as a "hacking" tool. Having it installed would sometimes get the attention of the security folks, depending how tightly they controlled things. | |
| ▲ | prmoustache 13 hours ago | parent | prev [-] | | You don't even need netcat or socat for that, probing /dev/tcp/<host>/<port> from the shell is enough. | | |
| ▲ | geocar 12 hours ago | parent | next [-] | | That's some gnu bash shenanigans. There is no /dev/tcp in unix Lots of shops didn't have gnu installed: telnet was what we had. | |
| ▲ | hibbelig 12 hours ago | parent | prev [-] | | Telnet was available in the 90s. I reckon /dev/tcp is way more recent. GP did say a long time ago. |
|
| |
| ▲ | indymike 13 hours ago | parent | prev | next [-] | | Same reason that people use vi. It's always there. | |
| ▲ | teddyh 6 hours ago | parent | prev | next [-] | | The telnet protocol with escapes, etc. is only used by the telnet client if you’re connecting to the telnet port. If you’re connecting to HTTP, SMTP or something else, the telnet protocol is not enabled. | |
| ▲ | swinglock 15 hours ago | parent | prev | next [-] | | Because it's there. | | |
| ▲ | prmoustache 13 hours ago | parent | next [-] | | It hasn't for the most part of the last 2 decades. | | |
| ▲ | 1718627440 12 hours ago | parent [-] | | The telnet client comes with MS Windows, Linux and macOS. The only platforms were you need to install some extra component are Android and iOS. | | |
| ▲ | prmoustache 8 hours ago | parent | next [-] | | Many companies have been preventing its execution or removing the package by default for a number of years. Also most linux containers do not ships with such binaries to save on img size and reduce vuln management overhead. | | |
| ▲ | 1718627440 7 hours ago | parent [-] | | > to save on img size $ ls --human --size --dereference $(which telnet)
144K /usr/bin/telnet
| | |
| ▲ | prmoustache 7 hours ago | parent [-] | | The point is not that this particular binary is huge, the point is that we tend to strip images of anything that is not useful for the actual application shipped. So we strip everything. Also: small things adds up. On AI prompt can be handled reasonably by a single machine, millions of concurrent ones involve huge datacenters and whole energy plants being restarted/built. The point of reducing the amount of binaries shipped with the image is also to reduce the amount of CVEs/vulns in your reports that wouldn't be relevant for your app but woulld still be raised by their presence. |
|
| |
| ▲ | alphager 5 hours ago | parent | prev | next [-] | | Telnet client is an optional feature in Windows that needs to be enabled/installed. | |
| ▲ | einr 4 hours ago | parent | prev [-] | | telnet hasn’t shipped with macOS since 10.12 Sierra, ten years ago. Debian also isn’t shipping telnet in the base install since Debian 11. |
|
| |
| ▲ | 15 hours ago | parent | prev [-] | | [deleted] |
| |
| ▲ | linuxftw 10 hours ago | parent | prev [-] | | In the days of yore, Windows had telnet installed. Most hackers used telnet in the 90's and early 2000's. |
| |
| ▲ | acters 16 hours ago | parent | prev [-] | | If it's alright to be pedantic, anyone with programming knowledge can do the same without these tools. What these offer is tried and tested secure code for client side needs, clear options and you don't need to hand roll code for. | | |
| ▲ | 1718627440 11 hours ago | parent | next [-] | | You can program without tools? I want to see that. Do you still have switches to alter RAM content, or do you use the butterfly method? | |
| ▲ | fragmede 15 hours ago | parent | prev [-] | | who's hand rolling code anymore these days though? |
|
|
|
| ▲ | dudefeliciano 9 hours ago | parent | prev | next [-] |
| I don’t remember how I did it but when I was about 12 years old I somehow managed to send SMS from Telnet to cell phones, and to the receiver they appeared to be sent by an official Telecom account - good that I was still an innocent child, had I discovered this a few years later I may have tried doing something nefarious with it. |
|
| ▲ | ajross 18 hours ago | parent | prev [-] |
| None of this affects the use of telnet the client program nor the ability to run a telnetd on your own host (but do be sure it's patched!). What's happened is that global routing on the internet (or big chunks of it, it's not really clear) has started blocking telnet's default port to protect presumably-unpatched/unpatchable dinosaur systems from automated attack. So you can no longer (probably) rely on getting to a SMTP server to deliver that spoofed email unless you can do it from its own local environment. |
| |
| ▲ | emmelaich 18 hours ago | parent | next [-] | | > started blocking telnet's default port But that's 23 and smtp is 25. | | |
| ▲ | jonprobably 17 hours ago | parent [-] | | SMTP has and is almost blocked everywhere to dissuade spam. | | |
| ▲ | dwedge 10 hours ago | parent [-] | | Presumably not on the SMTP servers they were connecting to. There are millions of IPs with port 25 open, without them email wouldn't work, so I'm not sure what you mean | | |
| ▲ | einr 4 hours ago | parent [-] | | They probably mean that port 25 is blocked on consumer ISPs/residential IP blocks to prevent malware from running an smtpd on an infected home computer or router (which used to happen a lot), but on a higher level of course no one blocks SMTP. |
|
|
| |
| ▲ | pkaeding 18 hours ago | parent | prev [-] | | You would still be able to use the telnet client to connect to an SMTP server on TCP port 25, just not port 23, right? I don't think that part changed here. | | |
| ▲ | ajross 18 hours ago | parent [-] | | It's... not super clear from the article whether this is a port block or a stateful protocol thing. But yes, you're probably right and SMTP spoofing is probably safe for now. | | |
|
|
