Skip to main content
HashnodeCiphered Insights Ahead : Encryption

Command Palette

Search for a command to run...

Telnet Port 23: What Is It and How It Works?

Discover how Telnet Port 23 works, its role in remote access, and the major security risks it poses.

Published
5 min read
Telnet Port 23: What Is It and How It Works?
J
James Taylor

I have extensive experience in implementing encryption solutions for businesses to safeguard their sensitive data. My background in programming languages allows me to develop custom encryption algorithms tailored to my clients' unique needs. With a deep understanding of the constantly evolving cyber security landscape, I am dedicated to ensuring the protection and privacy of my clients' information.

What is Port 23?

Before understanding port 23, let’s understand what exactly ports?. The port is a logical endpoint used for communication between devices over a network. It is a port is a 16-bit number (ranging from 0 to 65535) that identifies a specific process or service on a device within a network. There are two types of ports, TCP (Reliable, connection-oriented) and UDP (Faster but connectionless).

Understand Ports with This Analogy. The network is like a society where many people (devices) communicate. Your device is like a house in this society. The IP address is like your house address, identifying your location.

A port is like a specific door in your house leading to different rooms (applications/services). Just like different doors serve different purposes (e.g., the front door for guests, the garage for cars, and the back door for deliveries), different applications, servers, services, and processes use different ports to send and receive data.

What Port is 23 used for?

Port 23 is assigned to Telnet, a protocol used for remote communication with servers and networking devices. It’s often used for troubleshooting and testing network services. Think of it as a remote control for computers, allowing users to execute commands on a system from anywhere in the world.

Back in the early days of the internet, Telnet was a game-changer and mostly used by IT professionals. It enables IT admins to configure systems remotely. But there’s one big problem, i.e., “it sends data in plain text”.

That means passwords and sensitive information are exposed to anyone who can access your network traffic, and it can be done easily with the help of tools like Wireshark and other network packet analyser tools.

What is Telnet Port 23 Used For?

The Telnet is outdated, but some organisations still use it. If we look at the Shodan (a search engine that indexes and allows users to search for internet-connected devices) report, which shows a downtrend in the use of port 23.

The telnet Port 23 is used for the following purposes:

Remote Administration

IT teams use the telnet to access network devices, such as routers, switches, and servers, to configure settings or troubleshoot issues remotely.

Example: An administrator logs into a router via Telnet to modify network settings from another location. Since Telnet does not encrypt data, attackers can intercept login credentials and gain unauthorized access.

Debugging & Testing

Developers and network engineers use Telnet to test network connectivity, diagnose issues, and interact with services running on specific ports.

For Example, A developer checks if a web server is responding by running this telnet command “telnet example.com 80”. It tests if Port 80 (HTTP) is open and responding. Debugging over Telnet can expose sensitive system details to potential attackers.

IoT Devices and Industrial Devices

IoT (Internet of Things) devices and industrial control systems use Telnet for remote access and configuration.

For example, smart home devices and security cameras use Telnet as their primary remote communication method. Hackers can easily scan for exposed Telnet services using tools like Shodan and exploit weak/default passwords to take control of IoT devices.

Legacy Systems

The old legacy systems, devices and applications use telnet for remote access. These devices and applications are very old and do not get future updates and support from vendors and developers, which causes many vulnerabilities and is easily exploited by hackers.

What is Telnet Protocol? How Port 23 Telnet Works?

Telnet (short for Telecommunication Network) is a text-based protocol used for remote access to computers and network devices over the internet or a local network.

It follows a client-server model, where the client initiates a connection to a remote system running a Telnet server:

1. Client Requests Connection

A user runs a command like this on their device.
“telnet 192.168.1.1 23”

It tells the Telnet client to connect to IP 192.168.1.1 on Port 23.

2. The Telnet Server Accepts the Connection

The Telnet server is running on the remote machine, it responds with a login prompt asking for a username and password. The user enters credentials (username & password) to authenticate.

3. Interactive Session Begins

Once authenticated, the user gets a command-line interface of the remote system. Commands entered by the client are sent to the server and executed, and results are displayed back to the user.

4. Connection Ends

When the user logs out or closes the session, Telnet disconnects.

Security Risks and Vulnerabilities of Port 23 Telnet

Telnet is considered highly insecure because it lacks encryption, which means all the data is transferred in plain text between server and client through the network. That makes it an easy target for cyberattacks.

The major security vulnerabilities associated with Port 23 (Telnet):

Unencrypted Data Transmission

Telnet sends everything in plain text, including passwords and sensitive commands. A hacker running a simple packet-sniffing tool like Wireshark can grab your credentials in seconds. An attacker running Wireshark captures network traffic and retrieves a user’s Telnet login credentials.

Man-in-the-Middle (MITM) Attacks

Telnet doesn’t use encryption or digital certificates, an attacker can intercept and modify Telnet traffic. The attacker can inject malicious commands into the session.

Example: A hacker positions themselves between a Telnet client and server, capturing login credentials and modifying commands before they reach the server.

Brute Force Attacks

Telnet-enabled devices use default or weak passwords, making them an easy target for brute-force attacks. Attackers use tools like Hydra or Medusa to try multiple username-password combinations until they gain access.

IoT Botnet Exploitation

Many IoT devices (CCTV cameras, DVRs, routers, smart devices) still have Telnet enabled by default. Hackers scan the internet for these devices and use default credentials to take control. The Mirai botnet exploited IoT devices with Telnet access, infecting them and launching DDoS (Distributed Denial-of-Service) attacks.

Lack of Multi-Factor Authentication (MFA)

Telnet does not support MFA, meaning once an attacker has a valid password, they can log in without any additional security checks. A hacker steals Telnet credentials from a compromised database dump and MITM attack, then logs in without needing a second authentication factor.

Remote Code Execution (RCE) and Privilege Escalation

Many legacy systems with Telnet have unpatched vulnerabilities, making them open to Remote Code Execution attacks. A hacker exploits a buffer overflow vulnerability in a Telnet server to gain root access and take full control of system.

Reference

What is Port 23? Everything to Know About

#ssl#ports#encryption#web-development

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Ciphered Insights Ahead : Encryption

10 posts

A blog dedicated to exploring the world of encryption. Encryption is the process of transforming information into a coded language to protect it from unauthorized access.