Telnet Protocol

Telnet Protocol


Preface

本篇博客介绍了 Telnet 协议的基本原理,并演示了如何借助 Wireshark 工具对其通信过程进行抓包。最后通过与 SSH 协议的对比,分析了 Telnet 在网络安全上的缺憾。


Introduction

Telnet is one of the earliest remote login protocols on the Internet. It was initally released in the early days of IP networking in 1969, and was for a long time the default way to access remote networked computers. It is a client-server protocol that provides the user a terminal session to the remote host from the telnet client application. Since the protocol provides no built-in security measures, it suffers from serious security issues that have limited its usefulness in environments where the network cannot be fully trusted. The use of Telnet over the public Internet should be avoided due to the risk of eavesdropping.

Telnet 协议是一种应用层协议,使用于互联网局域网中,使用虚拟终端机的形式,提供双向、以文字字符串为主的交互功能。属于TCP/IP协议族的其中之一,是Internet远程登录服务的标准协议和主要方式,常用于网页服务器的远程控制,可供用户在本地主机运行远程主机上的工作。

Telnet在1969年开发出来,在 RFC 15 定义, RFC 854 定义了扩展。互联网工程任务组(IETF),在STD 8中,将其加以标准化,是最早形成的互联网协议之一。


Principles

A TELNET connection is a Transmission Control Protocol (TCP) connection used to transmit data with interspersed TELNET control information. The TELNET Protocol is built upon three main ideas: first, the concept of a “Network Virtual Terminal”; second, the principle of negotiated options; and third, a symmetric view of terminals and processes.

从 RFC 854 的定义中我们能够看到:Telnet 通过建立 TCP 连接来传输信息。

用户首先在电脑运行Telnet程序,连接至目的地服务器,然后输入账号和密码以验证身份。用户可以在本地主机输入命令,然后让已连接的远程主机运行,就像直接在对方的控制台上输入一样。


Telnet & Wireshark

我们可以通过命令 telnet [server] [port] 来登录相应的服务器,在 Wireshark 的过滤器窗口中,通过对不同应用层协议的筛选,最终可以看到通过 tenlnet 进行通信的报文数据。

下面分别演示了 telnet 与 Web 服务器、SMTP 服务器以及 POP3 服务器之间进行通信的过程。

WEB Server

登录武汉大学计算机学院官网,并编写相应的HTTP请求报文如下:

1

在 Wireshark 窗口中抓取 HTTP 响应报文包。

1

SMTP Server

登录腾讯邮箱的 SMTP 服务器:

1

Wireshark 抓包:

2

POP3 Server

登录腾讯邮箱的 POP3 服务器:

2

Wireshark 抓包:

1


Telnet & SSH

The Telnet session between the client and the server is not encrypted. Anyone with access to the TCP/IP packet flow between the communicating hosts can reconstruct the data that flows between the endpoints and read the messaging, including the usernames and passwords that are used to log in to the remote machine. This network attack requires very little expertise and can be performed with network debugging tools that are readily available.

传统 Telnet 会话所传输的数据并未加密,而多采用明文传输,因此账号和密码等敏感数据容易被监听、嗅探和中间人攻击。

其主要的通信流程如下图所示:

1

SSH (Secure Shell) provides a secure alternative to Telnet. SSH protects user identities, passwords, and data from network snooping attacks, and allows secure logins and file transfers.

Secure Shell(安全外壳协议,简称SSH)是一种加密的网络传输协议,可在不安全的网络中为网络服务提供安全的传输环境。SSH通过在网络中创建安全隧道来实现SSH客户端与服务器之间的连接。

在设计上,SSH是Telnet和非安全shell的替代品。


References