MEDIUM: Accessible Telnet Report

DESCRIPTION LAST UPDATED: 2024-08-29

DEFAULT SEVERITY LEVEL: MEDIUM

This report identifies hosts that have an Telnet instance running on port 23/TCP that are accessible on the Internet.

Telnet provides no encryption and may expose sensitive information or system credentials.

In addition we also scan for devices compromised by the 7777 botnet (as reported by Bitsight). These are tagged 7777 and their severity level is set to CRITICAL. Make sure to investigate and check for any wider compromises.

You can track accessible telnet instances on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page..

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_telnet, scan6_telnet

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always TCP)
  • port
    Port that the response came from (23/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Set to telnet by default. Can also be 7777 for compromised instances.
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • banner
    The login banner of the Telnet service
  • sector
    Sector the IP belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","banner","sector"
"2010-02-10 00:00:00",medium,192.168.0.1,tcp,2323,node01.example.com,telnet,64512,ZZ,Region,City,0,,"Authorized access only",
"2010-02-10 00:00:01",medium,192.168.0.2,tcp,2323,node02.example.com,telnet,64512,ZZ,Region,City,0,ptr,"Authorized access only",
"2010-02-10 00:00:02",medium,192.168.0.3,tcp,2323,node03.example.com,telnet,64512,ZZ,Region,City,0,ptr,"Authorized access only",

Our 132 Report Types