MEDIUM: Accessible Telnet Report

DESCRIPTION LAST UPDATED: 2025-02-03

DEFAULT SEVERITY LEVEL: MEDIUM

This report identifies hosts that have an Telnet instance running on port 23/TCP (and others) that are accessible on the Internet.

Telnet provides no encryption and may expose sensitive information or system credentials.

In addition we also scan for:

Zyxel CPE equipment likely vulnerable to CVE-2024-40891. Severity level is set to CRITICAL [tagging added 2025-01-31]
Devices compromised by the 7777 botnet (as reported by Bitsight). These are tagged 7777 and their severity level is set to CRITICAL. Make sure to investigate and check for any wider compromises.

You can track accessible telnet instances on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_telnet, scan6_telnet

Fields

timestamp

Time that the IP was probed in UTC+0
severity

Severity level
ip

The IP address of the device in question
protocol

Protocol that the response came on (always TCP)
port

Port that the response came from (23/TCP)
hostname

Reverse DNS name of the device in question
tag

Set to telnet by default. Can also be 7777 for compromised instances.
asn

ASN of where the device in question resides
geo

Country where the device in question resides
region

State / Province / Administrative region where the device in question resides
city

City in which the device in question resides
naics

North American Industry Classification System Code
hostname_source

Hostname source
banner

The login banner of the Telnet service
sector

Sector the IP belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","banner","sector"
"2010-02-10 00:00:00",medium,192.168.0.1,tcp,2323,node01.example.com,telnet,64512,ZZ,Region,City,0,,"Authorized access only",
"2010-02-10 00:00:01",medium,192.168.0.2,tcp,2323,node02.example.com,telnet,64512,ZZ,Region,City,0,ptr,"Authorized access only",
"2010-02-10 00:00:02",medium,192.168.0.3,tcp,2323,node03.example.com,telnet,64512,ZZ,Region,City,0,ptr,"Authorized access only",

Our 133 Report Types

« Back to Network Reporting