Hackers turn back the clock with Telnet attacks

By cxo-research On January 27, 2011 · In News

The 40-year old protocol is increasingly being used by hackers, according to Akamai
By Jeremy Kirk
IDG News Service (London Bureau)

LONDON (01/27/2011) – A new report from Akamai Technologies shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks.

Akamai, which specializes in managing content and Web traffic, issues quarterly reports on Internet traffic trends. The latest report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol.

Telnet is a remote access tool used to log into remote servers, but it has been gradually replaced by SSH, also known as Secure Shell. Administrators are generally advised to disable Telnet if the protocol is not used to prevent attacks targeting it, but some forget.

Although those attacks originated from mobile networks, Akamai said it did not appear that mobile devices were the source.

“As noted previously, we believe that the observed attack traffic that is originating from known mobile networks is likely being generated by infected PC-type clients connecting to wireless networks through mobile broadband technologies and not by infected smartphones or similar mobile devices,” according to the report.

Including all types of attack traffic sources, about 17 percent of attacks were directed at Telnet. Port 23 was “overwhelmingly the top targeted port for attacks” in Egypt, Peru and Turkey, Akamai said.

“It is not clear if there is a common thread that connects these three countries, nor whether these observed attacks were brute-force login attempts or some other botnet-related traffic,” the report said.

Akamai found that Port 445, which is a commonly used port for Microsoft products, was the most targeted one, although the attacks declined. The attacks peaked more than a year ago due to Conficker, a worm that rapidly spread and targeted the port.

“While the percentages are still fairly significant, this decline may signal ongoing efforts by network service providers to identify and isolate infected systems, as well as ongoing efforts to patch and/or upgrade infected systems,” the report said.

Port 445 attacks were responsible for much of the attack traffic in Brazil, Germany, Italy, Russia, Taiwan and the US. In China, however, attacks against SSH, which runs on Port 22, were more common than those against Port 445, Akamai said.

Tagged with:
 
If you enjoyed this article, please consider sharing it!
Reddit Facebook Twitter Delicious Mixx StumbleUpon Digg

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Looking for something?

Use the form below to search the site:


Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Subscribe to CIO Pakistan Videos on Our YouTube Channel!

Gallery

DSC_7019 DSC_7920 DSC_3324 DSC_6010 copy DSC_3971 DSC00470 DSC_4817 DSC_5883 DSC_6705 copy DSC_2652 copy DSC_4003 DSC08062 DSC09164 DSC_2508 DSC_1853 copy DSC_0059 DSC00365 Year Ahead backup 010 copy.jpg DSC_7033 IMG_0534 TweetDeck 002 copy LUMS 007 copy.jpg DSC_0418 DSC_0117