Telnet Tango Web Pages
By Doctor Electron
Here are some transcripts from WebHogs for telnet fans. The "Telnet://" references in a web page may invoke your local telnet program to establish a TCP connection with a remote host. Some web sites include this feature to allow visitors to establish a separate internet connection with the host servers to obtain additional or real-time data. Thus, the telnet:// URL can be used to provide better service to visitors.
Probably these web pages explain that a particular selection will invoke your telnet program. In every case shown below, the IP address that the telnet program would use is the same as the IP address of the web site. There is no particular indication in the examples below that something malicious is going on. However, there are reported exploits using the telnet:// URL which may be found in the wild with patient use of WebHogs. Ready to tango?
NOTE: Content-Length not specified DANGER: tag contains TELNET:// A HREF=telnet://129.237.59.240 A HREF=mailto:tac@cisco.com A HREF=mailto:cs-html@cisco.com 129.237.59.240;;4;80;HOGS;683;1216;HTTP/1.0 200;cisco-IOS/11.2 NOTE: Content-Length not specified DANGER: tag contains TELNET:// a href="telnet://202.39.24.194:23/" ALERT: plays with CLASSID. ALERT: 2 OBJECT points. ALERT: 1 references to Java scripts ALERT: uses 1 EMBED tags. 202.39.24.194;;8;80;pig;630;2920;HTTP/1.0 200;Boa/0.94.7 NOTE: Content-Length not specified DANGER: tag contains TELNET:// A HREF=telnet://61.241.167.48 A HREF=mailto:tac@cisco.com A HREF=mailto:cs-html@cisco.com 61.241.167.48;;4;80;J20;1364;1892;;HTTP/1.0 200;cisco-IOS/12.2 DANGER: tag contains .EXE a href="/winbox/winbox.exe" DANGER: tag contains TELNET:// Cattle prod for hogs? a href="telnet://65.103.78.2:23/" NOTE: May require Login. 65.103.78.2;1026373633.886;8;80;HOGS;640;3299;HTTP/1.0 200 NOTE: Content-Length not specified DANGER: tag contains TELNET:// A new vulnerability? a href="telnet://65.107.192.100:23/" ALERT: plays with CLASSID. ALERT: 2 OBJECT points. Pig parade. ALERT: 1 references to Java scripts 65.107.192.100;;7;80;HOGS;575;2921;HTTP/1.0 200;Boa/0.94.7Copyright © 2002 Global Services
Original publication: August 27, 2002Back to Net Census