What is Port 23? Everything to Know About

Did you know most of the cyber attacks are due to open ports? One of the most frequently targeted is Port 23, which runs the telnet service and is most exploited in the wild by threat actors or cyber criminals.

According to security researchers, millions of routers, IoT devices, and outdated servers still run services on this port, leaving them vulnerable to cybercriminals.

So, if you don’t get it, stay with this blog, and at the end of this post, what are port 23 and telnet? Why is it exploited by hackers in the wild, how does it work, what security vulnerabilities?  Let’s begin!

What is Port 23?

Before understanding port 23, let’s understand what exactly ports?. The port is a logical endpoint used for communication between devices over a network. It is a port is a 16-bit number (ranging from 0 to 65535) that identifies a specific process or service on a device within a network. There are two types of ports, TCP (Reliable, connection-oriented) and UDP (Faster but connectionless).

Understand Ports with This Analogy. The network is like a society where many people (devices) communicate. Your device is like a house in this society. The IP address is like your house address, identifying your location.

A port is like a specific door in your house leading to different rooms (applications/services). Just like different doors serve different purposes (e.g., the front door for guests, the garage for cars, and the back door for deliveries), different applications, servers, services, and processes use different ports to send and receive data.

What Port is 23 used for?

Port 23 is assigned to Telnet, a protocol used for remote communication with servers and networking devices. It’s often used for troubleshooting and testing network services. Think of it as a remote control for computers, allowing users to execute commands on a system from anywhere in the world.

Back in the early days of the internet, Telnet was a game-changer and mostly used by IT professionals. It enables IT admins to configure systems remotely. But there’s one big problem, i.e., “it sends data in plain text”.

That means passwords and sensitive information are exposed to anyone who can access your network traffic, and it can be done easily with the help of tools like Wireshark and other network packet analyser tools.

What is Telnet Port 23 Used For?

The Telnet is outdated, but some organisations still use it. If we look at the Shodan (a search engine that indexes and allows users to search for internet-connected devices) report, which shows a downtrend in the use of port 23.

The Shodan report also shows that currently, “221122” telnet devices have been running across the world.

The telnet Port 23 is used for the following purposes:

Remote Administration

IT teams use the telnet to access network devices, such as routers, switches, and servers, to configure settings or troubleshoot issues remotely.

Example: An administrator logs into a router via Telnet to modify network settings from another location. Since Telnet does not encrypt data, attackers can intercept login credentials and gain unauthorized access.

Debugging & Testing

Developers and network engineers use Telnet to test network connectivity, diagnose issues, and interact with services running on specific ports.

For Example, A developer checks if a web server is responding by running this telnet command “telnet example.com 80”. It tests if Port 80 (HTTP) is open and responding. Debugging over Telnet can expose sensitive system details to potential attackers.

Read Also: What is Port 80? Common Security Risks associated with Port 80 (HTTP)?

IoT Devices and Industrial Devices

IoT (Internet of Things) devices and industrial control systems use Telnet for remote access and configuration.

For example, smart home devices and security cameras use Telnet as their primary remote communication method. Hackers can easily scan for exposed Telnet services using tools like Shodan and exploit weak/default passwords to take control of IoT devices.

Read Also: What is Port 8080? HTTP Port 80 vs 8080 vs 443

Legacy Systems

The old legacy systems, devices and applications use telnet for remote access. These devices and applications are very old and do not get future updates and support from vendors and developers, which causes many vulnerabilities and is easily exploited by hackers.

What is Telnet Protocol? How Port 23 Telnet Works?

Telnet (short for Telecommunication Network) is a text-based protocol used for remote access to computers and network devices over the internet or a local network.

It follows a client-server model, where the client initiates a connection to a remote system running a Telnet server:

1. Client Requests Connection

A user runs a command like this on their device.
“telnet 192.168.1.1 23”

It tells the Telnet client to connect to IP 192.168.1.1 on Port 23.

2. The Telnet Server Accepts the Connection

The Telnet server is running on the remote machine, it responds with a login prompt asking for a username and password. The user enters credentials (username & password) to authenticate.

3. Interactive Session Begins

Once authenticated, the user gets a command-line interface of the remote system. Commands entered by the client are sent to the server and executed, and results are displayed back to the user.

4. Connection Ends

When the user logs out or closes the session, Telnet disconnects.

Security Risks and Vulnerabilities of Port 23 Telnet

Telnet is considered highly insecure because it lacks encryption, which means all the data is transferred in plain text between server and client through the network. That makes it an easy target for cyberattacks.

The major security vulnerabilities associated with Port 23 (Telnet):

Unencrypted Data Transmission

Telnet sends everything in plain text, including passwords and sensitive commands. A hacker running a simple packet-sniffing tool like Wireshark can grab your credentials in seconds. An attacker running Wireshark captures network traffic and retrieves a user’s Telnet login credentials.

Man-in-the-Middle (MITM) Attacks

Telnet doesn’t use encryption or digital certificates, an attacker can intercept and modify Telnet traffic. The attacker can inject malicious commands into the session.

Example: A hacker positions themselves between a Telnet client and server, capturing login credentials and modifying commands before they reach the server.

Brute Force Attacks

Telnet-enabled devices use default or weak passwords, making them an easy target for brute-force attacks. Attackers use tools like Hydra or Medusa to try multiple username-password combinations until they gain access.

IoT Botnet Exploitation

Many IoT devices (CCTV cameras, DVRs, routers, smart devices) still have Telnet enabled by default. Hackers scan the internet for these devices and use default credentials to take control. The Mirai botnet exploited IoT devices with Telnet access, infecting them and launching DDoS (Distributed Denial-of-Service) attacks.

Lack of Multi-Factor Authentication (MFA)

Telnet does not support MFA, meaning once an attacker has a valid password, they can log in without any additional security checks. A hacker steals Telnet credentials from a compromised database dump and MITM attack, then logs in without needing a second authentication factor.

Remote Code Execution (RCE) and Privilege Escalation

Many legacy systems with Telnet have unpatched vulnerabilities, making them open to Remote Code Execution attacks. A hacker exploits a buffer overflow vulnerability in a Telnet server to gain root access and take full control of system.

What are the Potential Conflicts with Port 23?

Services that use Port 23 through Telnet can lead to security hazards and operational difficulties, as well as multiple conflicts in current network systems.

The usage of Port 23 as a Telnet protocol leads to multiple security issues, which result in operational problems and conflicts:

Firewalls Block It

Many firewalls and Intrusion Detection Systems (IDS) block Port 23 by default due to its security risks. Firewalls deny connection to Telnet-based systems, which results in operational interference.

Security Conflicts with SSH (Port 22)

Remote access functions through Port 23 using Telnet, yet this protocol remains insecure as SSH (Port 22) offers secure encryption for the session. IT teams force the use of Secure Shell Protocol instead of Telnet, leading to problems with accessing devices that need Telnet functionality.

Network Conflicts

If multiple devices behind a NAT router need Telnet access, port forwarding conflicts may arise. Only one device can be directly accessed on Port 23 through the NAT.

ISP Restrictions

Many ISPs block Port 23 to prevent cyberattacks. If an organisation relies on Telnet for remote access, ISP blocks can cause conflict.

Conflicts with Other Services Using Port 23

Some applications or malware may incorrectly use Port 23, leading to service failures. If multiple services try to bind to Port 23, conflicts occur.

Legacy Device Conflicts

Old IoT devices, together with routers and industrial systems, continue to use Telnet as their main method for remote system management. The blocking of Port 23 will prevent administrators from accessing their devices through a managed connection.

How to Open Port 23?

To open Port 23 and use Telnet, follow the steps below. This method depends on your operating system (Windows, Linux, macOS).

Step 1: Install and Enable Telnet Server

For Windows, Open PowerShell as administrator and run the following command:

dism /online /Enable-Feature /FeatureName:TelnetServer

Now Start the Telnet service with this command:

sc config tlntsvr start=auto
sc start tlntsvr

For Linux (Ubuntu/Debian):

Open the terminal and Install the Telnet server by this command:

sudo apt update && sudo apt install telnetd -y

Now Start the Telnet service by running this command:

sudo systemctl enable --now inetd                                

Step 2: Open Port 23 in the Firewall

If your firewall is blocking Port 23, you need to allow it manually.

For Windows Firewall, Open Command Prompt as Administrator and run this command.

netsh advfirewall firewall add rule name="Open Port 23" dir=in action=allow protocol=TCP localport=23

For Linux:

with the UFW Firewall, Open the terminal and then run the following command.

sudo ufw allow 23/tcp
sudo ufw reload

Alternatively, on Linux you can use “iptables” and run these commands:

sudo iptables -A INPUT -p tcp --dport 23 -j ACCEPT
sudo iptables-save > /etc/iptables/rules.v4

Step 3: Open Port 23 in the Router

If your router is blocking Telnet port 23, follow this step to open it.

• Login to your router’s admin panel (e.g., 192.168.1.1).
• Navigate to Port Forwarding or NAT Settings.
• Add a new rule:
  • Protocol: TCP
  • External & Internal Port: 23
  • Internal IP: (Enter your device’s IP address, e.g., 192.168.1.100)
• Save and Apply Changes.

Step 4: Verify That Port 23 is Open

Once you’ve opened the port, check if it’s accessible or not.

Check from Another Machine

Run Telnet to your system’s IP address:

telnet <server-IP> 23

If it connects, Port 23 is open.

Test Using Nmap

From another machine, scan for open Port 23:

nmap -p 23 <server-IP>  

If Port 23 is listed as open, the setup was successful.

Conclusion

If your organisation is still using the outdated telnet service, switch it to SSH, which provides better security and follows the current security best practice.

Protect your digital assets with SSL certificates and expert cybersecurity consulting. Contact us today to secure your Organizations and stay ahead of cyber threats!

Search