Telnet Tango Web Pages

By Doctor Electron

Here are some transcripts from WebHogs for telnet fans. The "Telnet://" references in a web page may invoke your local telnet program to establish a TCP connection with a remote host. Some web sites include this feature to allow visitors to establish a separate internet connection with the host servers to obtain additional or real-time data. Thus, the telnet:// URL can be used to provide better service to visitors.

Probably these web pages explain that a particular selection will invoke your telnet program. In every case shown below, the IP address that the telnet program would use is the same as the IP address of the web site. There is no particular indication in the examples below that something malicious is going on. However, there are reported exploits using the telnet:// URL which may be found in the wild with patient use of WebHogs. Ready to tango?

   NOTE: Content-Length not specified
   DANGER: tag contains TELNET://  
A HREF=telnet://129.237.59.240
A HREF=mailto:tac@cisco.com
A HREF=mailto:cs-html@cisco.com
129.237.59.240;;4;80;HOGS;683;1216;HTTP/1.0 200;cisco-IOS/11.2

   NOTE: Content-Length not specified
   DANGER: tag contains TELNET://  
a href="telnet://202.39.24.194:23/"
   ALERT: plays with CLASSID. 
   ALERT: 2 OBJECT points. 
   ALERT: 1 references to Java scripts
   ALERT: uses 1 EMBED tags. 
202.39.24.194;;8;80;pig;630;2920;HTTP/1.0 200;Boa/0.94.7

   NOTE: Content-Length not specified
   DANGER: tag contains TELNET://  
A HREF=telnet://61.241.167.48
A HREF=mailto:tac@cisco.com
A HREF=mailto:cs-html@cisco.com
61.241.167.48;;4;80;J20;1364;1892;;HTTP/1.0 200;cisco-IOS/12.2

   DANGER: tag contains .EXE  
a href="/winbox/winbox.exe"
   DANGER: tag contains TELNET://  Cattle prod for hogs?
a href="telnet://65.103.78.2:23/"
   NOTE: May require Login. 
65.103.78.2;1026373633.886;8;80;HOGS;640;3299;HTTP/1.0 200

   NOTE: Content-Length not specified
   DANGER: tag contains TELNET://  A new vulnerability?
a href="telnet://65.107.192.100:23/"
   ALERT: plays with CLASSID. 
   ALERT: 2 OBJECT points. Pig parade.
   ALERT: 1 references to Java scripts
65.107.192.100;;7;80;HOGS;575;2921;HTTP/1.0 200;Boa/0.94.7

Copyright © 2002 Global Services
Original publication: August 27, 2002

Back to Net Census