Some Typical Remote Attacks
Telnet is an interesting protocol. One can learn many things using Telnet. For example, you can cull what version of the operating system is being run. Crackers can use a combination of rsh and telnet to produce a coordinated attack. The cracker uses rsh to connect to the X terminal and calls the X terminal's Telnet client program. Finally, the output is redirected to the cracker's local terminal.
Moreover, Telnet can be used for other nefarious purposes, and Tera Term is one application suited to them. Tera Term sports a language that allows you to automate Telnet sessions. This language can be used to construct scripts that determine valid usernames on a system that refuses to cough up information on finger or sendmail-expn queries. Versions of Telnet reveal this information in a variety of ways. For example, if a bogus username is given, the connection will be cut. However, if a valid username is given, a new login: prompt is reissued.
Cross Reference: A fix for this problem, issued by Microsoft, can be found at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postS
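The username disclosure described above (connection cut for a bogus username, a new login: prompt for a valid one) can be modelled and audited without touching a network. The following is an added example, not code from the original page or from any Telnet implementation; the account names, reply strings and function names are all hypothetical, and it sets the leaky behaviour beside a hardened form that answers every failed attempt identically.

```python
"""In-process model of the login behaviour described above; no network I/O."""
import hmac
from dataclasses import dataclass

# Constructed sample accounts (hypothetical, for illustration only).
ACCOUNTS = {"alice": "correct horse", "bob": "hunter2"}


@dataclass(frozen=True)
class Reply:
    text: str     # what the service writes back
    closed: bool  # True if the service drops the connection


def leaky_login(user: str, password: str) -> Reply:
    """Behaviour from the text: bogus user -> cut, valid user -> new login: prompt."""
    if user not in ACCOUNTS:
        return Reply("", closed=True)
    if hmac.compare_digest(ACCOUNTS[user].encode(), password.encode()):
        return Reply("Welcome\r\n", closed=False)
    return Reply("login: ", closed=False)


def uniform_login(user: str, password: str) -> Reply:
    """Hardened form: every failed attempt gets the same reply."""
    # Compare against a dummy secret for unknown users so both paths do the same work.
    expected = ACCOUNTS.get(user, "\x00no-such-account")
    matches = hmac.compare_digest(expected.encode(), password.encode())
    if matches and user in ACCOUNTS:
        return Reply("Welcome\r\n", closed=False)
    return Reply("Login incorrect\r\nlogin: ", closed=False)


def leaks_usernames(handler, known_user: str, unknown_user: str) -> bool:
    """Audit check: are failed logins for an existing and a non-existing
    account distinguishable from the reply alone?"""
    wrong = "not-the-password"
    return handler(known_user, wrong) != handler(unknown_user, wrong)


if __name__ == "__main__":
    for handler in (leaky_login, uniform_login):
        print(handler.__name__, "leaks usernames:",
              leaks_usernames(handler, "alice", "mallory"))
```

The same comparison works as a regression test for any login front end: feed it one known and one unknown account with a wrong password and require identical replies.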
Finally, Telnet is often used to generate fakemail and fakenews. Spammers often use this option instead of using regular means of posting Usenet messages. There are certain options that can be set this way that permit spammers to avoid at least some of the screens created by spam-killing robots on the Usenet network.