Telnet – A case study in Nepal

Yesterday in my office , we were discussing on how many network devices are running telnet in Nepal. That curiosity took me to the little research and brings me the interesting data, which I’m going to write about. So far total 9,095 devices are running telnet service and all of them are from ISP (Internet Service Provider). Little fun fact, all of them belongs to Nepal top ISP. This no is really shocking since 9,095 devices are managing over the clear text channel. IN the beginning I searched the telnet option using banner grabbing method which gave me just 51 devices online, but I though this is not right since previous result shows that all the telnet port was changed to 2323 #LOL. So then I’ve refined my search to 23 port. Bingo!!! Almost 10,000 devices are online with telnet daemon running.


Fig. Report sheet on Telnet in Nepal

Let’s break down the report based on City. In Kathmandu 6,125 Lumbini 562 Lalitpur 573 and Bharatpur 42. So not just in Kathmandu, other major city has the same practice. Another prospective from vendor wise, Cisco router is running 203, Cisco catalyst switch has 18 and Siemens HiPath 3000 has 3 telnet service running. In addition, if we filter it from ISP wise, Nepal Telecom has 4,493, WorldLink Communications Pvt has 1,084, Otel Communication Pvt. Ltd has 642, SingNet Pte Ltd has 583 and Websurfer Nepal has 159 number of devices running telnet on public domain.


Telnet is a both a network protocol and an application that uses that protocol. Most often, telnet is used to connect to remote computers and issue commands on those computers. It’s like a remote control for the internet. Telnet is used for a variety of reasons. Almost all of them involve telneting to a remote device and issuing commands. Here are some examples: (Telnet.org)

  • Telnet to a server running BBS software and use various features
  • Telnet to a server running a MUD and play games
  • Telnet to a server and run a command line application such as pine to check mail
  • Telnet to a Linux server and issue various Linux commands
  • Telnet to a router and issue configuration commands (commands for Cisco IOS, Junos, etc)
  • Telnet to an http server port and issue test HTTP commands

Basic telnet includes no encryption of traffic and is therefore susceptible to eavesdropping (aka packet sniffing). In most remote access situations, telnet has been replaced by ssh for improved security across untrusted networks

My Verdict

I came to conclusion that most of the ISP’s network admin does not care about their network service especially in the end devices. This doesn’t’ mean all the client information is exposed, but while maintaining the devices from the management network at least SSH is there. Attacker can grab the management traffic including password. ISP junior level admin and other responsible person should be aware on information security. Devices must be harden as defined in standard guidelines i.e. NIST/SANS.

Saroj Lamichhane

Leave a Reply

Your email address will not be published. Required fields are marked *