Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Open port 23: Telnet

Author: Government Digital Service

Open port 23: Telnet

What this means

Telnet is a connection orientated network protocol used for remote command-line access to systems.

It operates on TCP port 23 and sends data in plaintext, making it highly insecure and susceptible to packet sniffing.

This could allow unauthorised users to intercept data and authentication information in order to access the remote system.

Why this is a problem

An open Telnet port to a remote system can potentially allow a bad actor to intercept data between the client and remote system. This can allow access to the service if no access controls or authentication is enabled.

How to check if the problem is there

Check open Telnet ports

Run the following command to check if Telnet ports are open.

Windows (Command Prompt):

netstat -an | find ":23"

Linux/Mac (Terminal):

sudo netstat -tulnp | grep ":23"

Test for Access

If an open port is found, try connecting to the Telnet server using:

Telnet <server-ip>

You will be prompted for credentials to access the filesystem of the service.

If anonymous access is allowed, you will be provided with direct access to the filesystem of the service.

How to fix this

Disable Telnet

If Telnet is unnecessary, carry out the following:

  • disable the Telnet service running on the host
  • remove any inbound firewall or port forwarding rules for port 23

Use secure alternatives

Replace Telnet with more secure options, such as:

  • SSH (Secure Shell)

Restrict access

Carry out the following actions:

  • configure firewall rules to block external access
  • enforce strong authentication
  • require strong passwords
  • use multi-factor authentication (MFA), if possible

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now