The Day the Telnet Died

Posted by pjf 4 hours ago

The Day the Telnet Died(www.labs.greynoise.io)

127 points | 67 commentspage 2

gerdesj 3 hours ago|

telnet isn't just for ... telnet.

  $ telnet smtp.example.co.uk 25
  HELO me
  MAIL FROM: gerdesj@example2.co.uk
  RCPT TO: gerdesj@example.co.uk
  DATA

.. or you can use SWAKS! For some odd reason telnet is becoming rare as an installed binary.

Twisol 3 hours ago||

The difference between "telnet" the program and "telnet" the protocol is especially important in this discussion, I think.

A more "proper" tool for that is netcat -- I doubt SMTP supports the Telnet option negotiations subsystem. (I also doubt SMTP servers can interpret the full suite of Network Virtual Terminal (NVT) commands that the Telnet protocol supports.) There's clearly enough similarity between the two protocols that if you're just using it to transfer plaintext it will probably work out fine, but they are distinct protocols.

ktpsns 3 hours ago|||

I used telnet(1) as a generic TCP text client for many years before switching to GNU/BSD netcat. Nowadays, netcat is more prominent then telnet, and telnet had its corner cases with control characters.

Never heard about https://jetmore.org/john/code/swaks/, thanks for the tip.

ozarkerD 1 hour ago|||

I discovered swaks recently, god I love that tool

quotemstr 3 hours ago||

You want nc (usually with -v) or socat. telnet is muscle memory for a lot of people (myself included sometimes) but it's a strictly inferior choice these days for poking arbitrary plaintext services.

doubled112 2 hours ago||

As long as it works, it doesn’t really matter for a quick test.

I find myself using curl telnet://server:port too often these days because telnet and nc don’t get installed.

lacunary 2 hours ago||

telnet + shijack = good times

fsmv 2 hours ago||

Your cookie banner is very inconvenient and made me leave your website and not read the article

davebranton 3 hours ago||

Why would somebody read something that somebody couldn't be bothered to write? This article is AI slop.

accrual 1 hour ago||

What stood out as AI written? It felt like a well-written article by an SME to me.

tripdout 1 hour ago||

Not the original commenter, but I noticed it too. I guess it's hard since AI is trained on human content, so presumably humans write like this too, but a few that stood out to me:

> Five entire countries vanished from GreyNoise telnet data: Zimbabwe, Ukraine, Canada, Poland, and Egypt. Not reduced — zero.

> An attacker sends -f root as the username value, and login(1) obediently skips authentication, handing over a root shell. No credentials required. No user interaction.

> The GreyNoise Global Observation Grid recorded a sudden, sustained collapse in global telnet traffic — not a gradual decline, not scanner attrition, not a data pipeline problem, but a step function. One hour, ~74,000 sessions. The next, ~22,000.

> That kind of step function — propagating within a single hour window — reads as a configuration change on routing infrastructure, not behavioral drift in scanning populations.

(and I'm not just pointing these out because of the em dashes)

GPTZero (which is just another AI model that can have similar flaws and is definitely not infallible, but is at least another data point) rates my excerpts as 78% chance AI written, 22% chance of AI-human mix.

To me at least, the article still seems to be majority human-written, though.

adolph 3 hours ago||

The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering

RupertSalt 3 hours ago|

Someone attempted to compromise my home router last week using CHARGEN. Can you imagine!

direwolf20 2 hours ago||

Attempted to compromise, or just port scanned?

gogasca 2 hours ago|

[dead]