I first used telnet in the 1990s to connect and play a text-based MUD.
Back then we had large monitors with black background and green text
font; for most people black background and white text was probably
more common, but I remember having played that MUD for some weeks
on such a setup (on a campus site, so these computers were used by
students; we only had access to the campus on the weekend as the
main guy's father in our group worked at that university).
It actually was fun to use telnet like that and play the MUD, even
if inconvenient. Of course our group soon switched to MUD clients
that were more convenient to use, so using telnet became super-rare.
I only used telnet a few more times after that. About three times
again playing lateron when I had no internet connection, and for
a few other things too, unrelated to MUDs, e. g. testing websites
and similar activities.
For connections, I kind of use ssh much more frequently so, even
on windows via the tabby terminal. It is not as convenient on
Linux (there I tend to prefer KDE konsole) but it works fairly well.
I have not used telnet in quite some years now, but I still remember
fondly to having typed commands to search for herbs in a meadow
on that MUD (well, room designated was meadows and you could
find herbs which would replenish over time, so you could search,
sell and so forth; I have not played any MUDs since decades but
it was fun in the 1990s era).
Telnet will probably never die since it is so simple, but I think
it is also not quite as important as it was, say, in the 1990s or
so. Would be interesting for statistics that could measure this
more objectively.
For Tiny* servers, "raw telnet" was considered a ghetto experience. The worst part was that the asynchronous output would just stream in whether or not you were done typing, and you'd invariably lose track of what your input line looked like. So the primary task of a TinyMUD client was to separate them. Some used a "split screen", and some just kept refreshing the input line as new output was displayed.
None of our MUDs ever appeared on port 23 and none of our servers ever spoke "The TELNET Protocol" as found in RFC 854. Telnet was simply the bundled TCP client that you could use for anything.
The other cool features for a MUD client was using macros to perform repeated tasks or say interesting things, and /hilite and /gag were indispensable. /gag silenced/muted a player or a pattern-match of your choice, and so to play with "raw telnet" was to unblock all your /gagged players and let them get under your skin again. A fate truly worse than death (well you got paid "insurance" for dying, so many people enjoyed the experience.)
Also popular in Tiny* clients was cursor line-editing and a command history. One client developer was sort of a troll, and so when he forked "tinywar" it began to feature some automation that could permit a player to make a real nuisance of themselves. But he was also a great programmer, and not all tinywar users were trolls, so it got put to good use.
Ultimately, Explorer_Bob wrote TinyFugue, and Ken Keys "Hawkeye" took over development, pushing it into amazing heights on a level with MUSH programming, and TinyFugue basically became the gold standard client for Unix and was also ported to Win32, and ultimately abandoned in an extremely stable state. I went to school with Ken. Miss you, man!
> room designated was meadows and you could find herbs which would replenish over time
I'm sure several MUDs did this, but, this sounds an awful lot like my home MUD of Achaea, which started in ~1997, still exists (healthily!), and has this exact system :)
Surprisingly measuring legitimate Telnet usage may be even harder than measuring attacks! Getting representative metrics of benign src-dst endpoint pairs while controlling neither approaches impossibility, especially since at global scale it’d be mixed with (I suspect) orders of magnitude more attack traffic. Best you could probably do is measure on a clean-ish ISP like a university network.
The last time I used Telnet was back in the late 80s for mostly CS class pranking, to remotely launch 50+ Xeyes Xwindows widgets on my class mate's Sun Workstation screens through a timed bash script. Watching them freak out as dozens of eyeballs suddenly appeared, while acting all innocent.
The only time I use telnet is when I'm building something with the socket API and want to make sure I did the setup/connection handover correctly so I make a quick echo server and connect over telnet just to confirm its working.
Lutron used it for their integrations platform up til very recently. It was extremely convenient, being able to write little scripts that do things like turn off all the lights
The main question is why use Telnet when ssh is available. Some people mentioned routers, maybe that is why. But I would think in this day and age routers would now use ssh.
I do remember reading a long time ago telnet does/can support encryption. But when I looked at the systems I have access to, the manuals have no mention of that.
The biggest remaining production use of telnet is IBM mainframe and midrange systems. tn3270 which is a telnet extension implementing support for 3270 block mode terminal data streams is still in widespread use, and there is also tn5250 which does the same for 5250 terminals (used on IBM i / AS/400)
This use case is perfectly secure, because IBM mainframe/midrange telnet servers support telnet-over-TLS, and that’s what people run in production
For connecting to mainframes, SSH has no real advantage over TLS, and its major disadvantage is that there is no standardised way to transmit 3270/5250 data streams over it
But people looking for telnet traffic over the public Internet probably won’t even notice this, because they aren’t looking for telnet over TLS - which is difficult to distinguish from whatever else over TLS - and because almost all of it goes over VPNs not the public Internet
You can wrap any TCP protocol in TLS which means every TCP protocol supports encryption, Telnet included. The app (and server) simply need to wrap their connections in TLS, which is trivial in many programming ecosystems.
And IMO, X.509 (used in TLS) is virtually superior over SSH’s bespoke certificate format in every way. You get both regular certificate pinning (like what SSH uses now) AND full certificate authority chains (if you want).
It is surprisingly common to find routers with " export firmware " installed out of the box, that do not have ssh support to avoid the interactions with US Cryptographic export licencing complications
I think scoffing at plaintext protocols is silly. Contemporary security architecture is a nightmare. It’s like scoffing at keyboards for sending key codes in the open to the HID controller because you’ve failed to secure your machine so badly you have adversaries in your HID controller.
If you have a well secured LAN where trust is social SSH gets
you nothing. SMTP telnet http being plain were from days when users were able to actually reason about what was happening within their OS. If there’s anything that should be scoffed at its us now with our bloated opaque corporate controlled OSes.
> If you have a well secured LAN where trust is social SSH gets you nothing. SMTP telnet http being plain were from days when users were able to actually reason about what was happening within their OS
I've had this conversation recently with a "Cyber Architect" who was losing his shit over SNMPv1 on our network passing community strings as plaintext.
Yes. If you sniff the traffic you can see the read-only password, which is left as default, and from that you can deduce that the ODU temperature for the microwave link is 32°C at the moment (pretty toasty for 3° outside air temperature). Big Fucking Whoop.
Concentrate on not having "bad actors" sniffing traffic on our network.
If the burglar is in your kitchen eating your sandwich out of the fridge, the problem is that the burglar is in your kitchen, not that he's eating your sandwich.
> If you have a well secured LAN where trust is social SSH gets you nothing.
Unless you're doing automatic and mandatory SSH key rotation (which almost nobody ever does) then SSH is just "password on a sticker next to the monitor" with a long password.
Tangentially, I saw an ad the other day for software which purports to encrypt your keystrokes: https://www.keystrokelock.com/ I have no idea what that means.
Telnet scanning is definitely down overall from what I can tell, but only by half of what it was in past months. It spiked a bunch around the time of the telnetd cve, but that's to be expected.
> However, in the context of data from Terrace and others we believe a more likely factor is the vantage point itself. Internet scanning often consists of large campaigns coordinated by specific actors,
How does one do a measurement of traffic like this? You would have to own the nodes in the packet route to be able to see traffic, but TerraceNetworks or GreyNoise don't seem to be companies that do that. How do they get the data to analyze?
Greynoise and others have shell companies and spin up exposed infra specifically to pick up scanning activity.
They have them all over the world to get attackers scanning only certain regions etc.
I should also note - I’m extremely skeptical of the OPs claims or inference that the attackers have potentially fingerprinted greynoises sensors. To suggest this while some traffic increased from specific ASN’s seems unlikely that this was the case.
If it’s not clear - this was written by a competitor of theirs.
I use it strictly on older systems that only use telnet and for casual port checking on some equipment. Last time I had to check if AIS equipment is working properly. Some people think "servers" are the only thing in this world. Telnet is one of those things that probably keeps this world function properly.
Half the time when people say they're using telnet (including in this thread) they're really just using the client as a TCP client, not doing anything with the Telnet protocol.
No one is stopping you from using the telnet client. And really you should just use netcat
There's one thing I haven't figured out with netcat- how do you know it connected? (I just looked it up, after many years: the -v flag. Which makes sense because netcat is supposed to be "transparent").
In my opinion just like IPv4, telnet and ftp will be around long after all of us. Teach your grand-kids all the escape sequences, variables and terminal types. This will be required for their Pip-Boy to connect to mainframes and terminals when keys are missing.
Frankly I'm a little sceptical about the claim that large ISPs are blocking telnet on their core routers. Core routers need to forward traffic, not inspect it. I don't see why a large ISP should burden its core infrastructure with something so trivial as telnet-specific traffic.
shevy-java|17 days ago
Back then we had large monitors with black background and green text font; for most people black background and white text was probably more common, but I remember having played that MUD for some weeks on such a setup (on a campus site, so these computers were used by students; we only had access to the campus on the weekend as the main guy's father in our group worked at that university).
It actually was fun to use telnet like that and play the MUD, even if inconvenient. Of course our group soon switched to MUD clients that were more convenient to use, so using telnet became super-rare. I only used telnet a few more times after that. About three times again playing lateron when I had no internet connection, and for a few other things too, unrelated to MUDs, e. g. testing websites and similar activities.
For connections, I kind of use ssh much more frequently so, even on windows via the tabby terminal. It is not as convenient on Linux (there I tend to prefer KDE konsole) but it works fairly well.
I have not used telnet in quite some years now, but I still remember fondly to having typed commands to search for herbs in a meadow on that MUD (well, room designated was meadows and you could find herbs which would replenish over time, so you could search, sell and so forth; I have not played any MUDs since decades but it was fun in the 1990s era).
Telnet will probably never die since it is so simple, but I think it is also not quite as important as it was, say, in the 1990s or so. Would be interesting for statistics that could measure this more objectively.
RupertSalt|17 days ago
For Tiny* servers, "raw telnet" was considered a ghetto experience. The worst part was that the asynchronous output would just stream in whether or not you were done typing, and you'd invariably lose track of what your input line looked like. So the primary task of a TinyMUD client was to separate them. Some used a "split screen", and some just kept refreshing the input line as new output was displayed.
None of our MUDs ever appeared on port 23 and none of our servers ever spoke "The TELNET Protocol" as found in RFC 854. Telnet was simply the bundled TCP client that you could use for anything.
The other cool features for a MUD client was using macros to perform repeated tasks or say interesting things, and /hilite and /gag were indispensable. /gag silenced/muted a player or a pattern-match of your choice, and so to play with "raw telnet" was to unblock all your /gagged players and let them get under your skin again. A fate truly worse than death (well you got paid "insurance" for dying, so many people enjoyed the experience.)
Also popular in Tiny* clients was cursor line-editing and a command history. One client developer was sort of a troll, and so when he forked "tinywar" it began to feature some automation that could permit a player to make a real nuisance of themselves. But he was also a great programmer, and not all tinywar users were trolls, so it got put to good use.
Ultimately, Explorer_Bob wrote TinyFugue, and Ken Keys "Hawkeye" took over development, pushing it into amazing heights on a level with MUSH programming, and TinyFugue basically became the gold standard client for Unix and was also ported to Win32, and ultimately abandoned in an extremely stable state. I went to school with Ken. Miss you, man!
Twisol|17 days ago
I'm sure several MUDs did this, but, this sounds an awful lot like my home MUD of Achaea, which started in ~1997, still exists (healthily!), and has this exact system :)
ericpauley|17 days ago
jnaina|17 days ago
pests|17 days ago
foobarian|17 days ago
OK to be fair it might not be THE telnet protocol but still.
exabrial|17 days ago
ktm5j|17 days ago
Eg: `telnet some.http.addr 80` and then type in `GET /index.html HTTP/1.0` and hit enter twice.
You can use it to test SMTP servers too.
creatonez|15 days ago
evanelias|18 days ago
jiehong|17 days ago
[0]: https://assets.denon.com/documentmaster/us/heos_cli_protocol...
paradox460|16 days ago
w4der|17 days ago
jmclnx|18 days ago
I do remember reading a long time ago telnet does/can support encryption. But when I looked at the systems I have access to, the manuals have no mention of that.
skissane|17 days ago
This use case is perfectly secure, because IBM mainframe/midrange telnet servers support telnet-over-TLS, and that’s what people run in production
For connecting to mainframes, SSH has no real advantage over TLS, and its major disadvantage is that there is no standardised way to transmit 3270/5250 data streams over it
But people looking for telnet traffic over the public Internet probably won’t even notice this, because they aren’t looking for telnet over TLS - which is difficult to distinguish from whatever else over TLS - and because almost all of it goes over VPNs not the public Internet
harrall|17 days ago
And IMO, X.509 (used in TLS) is virtually superior over SSH’s bespoke certificate format in every way. You get both regular certificate pinning (like what SSH uses now) AND full certificate authority chains (if you want).
The main downside is that X.509 is more complex.
benjojo12|17 days ago
shevy-java|17 days ago
themafia|17 days ago
drum55|18 days ago
Nextgrid|17 days ago
user3939382|17 days ago
If you have a well secured LAN where trust is social SSH gets you nothing. SMTP telnet http being plain were from days when users were able to actually reason about what was happening within their OS. If there’s anything that should be scoffed at its us now with our bloated opaque corporate controlled OSes.
ErroneousBosh|17 days ago
I've had this conversation recently with a "Cyber Architect" who was losing his shit over SNMPv1 on our network passing community strings as plaintext.
Yes. If you sniff the traffic you can see the read-only password, which is left as default, and from that you can deduce that the ODU temperature for the microwave link is 32°C at the moment (pretty toasty for 3° outside air temperature). Big Fucking Whoop.
Concentrate on not having "bad actors" sniffing traffic on our network.
If the burglar is in your kitchen eating your sandwich out of the fridge, the problem is that the burglar is in your kitchen, not that he's eating your sandwich.
otabdeveloper4|17 days ago
Unless you're doing automatic and mandatory SSH key rotation (which almost nobody ever does) then SSH is just "password on a sticker next to the monitor" with a long password.
eurleif|17 days ago
nubinetwork|17 days ago
cobertos|17 days ago
How does one do a measurement of traffic like this? You would have to own the nodes in the packet route to be able to see traffic, but TerraceNetworks or GreyNoise don't seem to be companies that do that. How do they get the data to analyze?
signalblur|17 days ago
They have them all over the world to get attackers scanning only certain regions etc.
I should also note - I’m extremely skeptical of the OPs claims or inference that the attackers have potentially fingerprinted greynoises sensors. To suggest this while some traffic increased from specific ASN’s seems unlikely that this was the case.
If it’s not clear - this was written by a competitor of theirs.
ericpauley|17 days ago
batrat|17 days ago
akdev1l|17 days ago
IAmLiterallyAB|17 days ago
No one is stopping you from using the telnet client. And really you should just use netcat
dekhn|17 days ago
peterburkimsher|18 days ago
https://en.wikipedia.org/wiki/PTT_Bulletin_Board_System
m-hodges|18 days ago
RupertSalt|17 days ago
http://isabevigodadead.com/ [That's right, kids. There is no HTTPS server.]
nnurmanov|17 days ago
ChrisArchitect|18 days ago
The Day the Telnet Died
https://news.ycombinator.com/item?id=46967772
Bender|16 days ago
laurensr|17 days ago
cbarrick|17 days ago
I thought it was, and posted this same comment on the other telnet article. But I was informed that it is back! And I was able to confirm it myself.
I don't have a telnet client on my Mac, but I was able to confirm with nc.
nancyminusone|17 days ago
alexpotato|17 days ago
the_biot|17 days ago
yamapikarya|17 days ago
unknown|17 days ago
[deleted]
reeddev42|17 days ago
[deleted]
simpleusername|16 days ago
[deleted]