Hackers Revisit Old Telnet Port for IT Attacks

Hackers are increasingly using the old Telnet remote-access protocol to attack corporate servers, according to a report released last month by Akamai Technologies Inc.

The vendor's quarterly report on global Internet traffic said that 10% of attacks that came from mobile networks during 2010's third quarter were directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol.

Telnet has been gradually replaced by Secure Shell, or SSH, as a means of accessing servers remotely. Administrators are generally advised to disable Telnet if the protocol isn't being used, in order to prevent attacks targeting it, but some forget to do so.

The report said the attacks are probably coming from malware-infected PCs connecting to wireless networks, not from mobile devices.

Telnet's Port 23 was "overwhelmingly the top targeted port for attacks" in Egypt, Peru and Turkey, Akamai's report said.

Akamai found that Port 445, commonly used for Microsoft products, was the most targeted port, but the attacks on the port have declined since the Conficker worm attacked it in 2009.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.


Copyright © 2011 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon