Hackers using Telnet to attack corporate servers

The 40-year-old remote access protocol is increasingly being used in attacks that came from mobile networks, according to Akamai

A new report from Akamai Technologies shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks.

Akamai, which specializes in managing content and Web traffic, issues quarterly reports on Internet traffic trends. The latest report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol.

[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Telnet is a remote access tool used to log into remote servers, but it has been gradually replaced by SSH, also known as Secure Shell. Administrators are generally advised to disable Telnet if the protocol is not used to prevent attacks targeting it, but some forget.

Although those attacks originated from mobile networks, Akamai said it did not appear that mobile devices were the source.

"As noted previously, we believe that the observed attack traffic that is originating from known mobile networks is likely being generated by infected PC-type clients connecting to wireless networks through mobile broadband technologies and not by infected smartphones or similar mobile devices," according to the report.

Including all types of attack traffic sources, about 17 percent of attacks were directed at Telnet. Port 23 was "overwhelmingly the top targeted port for attacks" in Egypt, Peru and Turkey, Akamai said.

"It is not clear if there is a common thread that connects these three countries, nor whether these observed attacks were brute-force login attempts or some other botnet-related traffic," the report said.

Akamai found that Port 445, which is a commonly used port for Microsoft products, was the most targeted one, although the attacks declined. The attacks peaked more than a year ago due to Conficker, a worm that rapidly spread and targeted the port.

"While the percentages are still fairly significant, this decline may signal ongoing efforts by network service providers to identify and isolate infected systems, as well as ongoing efforts to patch and/or upgrade infected systems," the report said.

Port 445 attacks were responsible for much of the attack traffic in Brazil, Germany, Italy, Russia, Taiwan, and the U.S. In China, however, attacks against SSH, which runs on Port 22, were more common than those against Port 445, Akamai said.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies