9
While web browsers send, among other things, the User-Agent string, does the Telnet protocol have a similar method of determining anything about the client connecting to it? OS? Specific Telnet client? Etc.
Thufir
Posted 2016-04-05T12:23:17.577
Reputation: 876
14
There is no User-Agent, but there exist a few Telnet protocol options for sending client information:
TERMINAL TYPE – shows the used terminal type (e.g. xterm, urxvt, screen-256color...) You can't really get rid of this without breaking things. Same goes for NAWS which reports the window size (columns × rows).
OLD-ENVIRON and NEW-ENVIRON – can reveal some specific environment variables; some clients also reveal their FQDN in a fake $DISPLAY variable. Sending your configured system locale ($LANG, $LC_*) or timezone ($TZ) is also not uncommon.
XDISPLOC – similar to above, some clients send your FQDN as the X11 display location.
If any of the authentication features are enabled, they can reveal your OS username.
Finally, the whole set of recognized options varies between implementations and can be used as a rough Panopticlick-style fingerprint.
frost$ echo $DISPLAY :0 frost$ telnet telnet> set options Will show option processing. telnet> open m-net.arbornet.org Trying 162.202.67.157... Connected to m-net.arbornet.org. Escape character is '^]'. SENT DO SUPPRESS GO AHEAD SENT WILL TERMINAL TYPE SENT WILL NAWS SENT WILL TSPEED SENT WILL LFLOW SENT WILL LINEMODE SENT WILL NEW-ENVIRON SENT DO STATUS SENT WILL XDISPLOC RCVD DO AUTHENTICATION SENT WONT AUTHENTICATION RCVD WILL SUPPRESS GO AHEAD RCVD DO TERMINAL TYPE RCVD DO NAWS SENT IAC SB NAWS 0 95 (95) 0 46 (46) RCVD DO TSPEED RCVD DO LFLOW RCVD DO LINEMODE SENT IAC SB LINEMODE SLC SYNCH NOSUPPORT 0; IP VARIABLE|FLUSHIN|FLUSHOUT 3; AO VARIABLE 15; AYT NOSUPPORT 0; ABORT VARIABLE|FLUSHIN|FLUSHOUT 28; EOF VARIABLE 4; SUSP VARIABLE|FLUSHIN 26; EC VARIABLE 127; EL VARIABLE 21; EW VARIABLE 23; RP VARIABLE 18; LNEXT VARIABLE 22; XON VARIABLE 17; XOFF VARIABLE 19; FORW1 NOSUPPORT 0; FORW2 NOSUPPORT 0; SENT DO SUPPRESS GO AHEAD RCVD DO NEW-ENVIRON RCVD WILL STATUS RCVD DO XDISPLOC RCVD WILL ENCRYPT SENT DONT ENCRYPT RCVD DO OLD-ENVIRON SENT WONT OLD-ENVIRON RCVD IAC SB TERMINAL-SPEED SEND SENT IAC SB TERMINAL-SPEED IS 38400,38400 RCVD IAC SB X-DISPLAY-LOCATION SEND SENT IAC SB X-DISPLAY-LOCATION IS "frost.nullroute.eu.org:0" RCVD IAC SB NEW-ENVIRON SEND SENT IAC SB NEW-ENVIRON IS VAR "DISPLAY" VALUE "frost.nullroute.eu.org:0" RCVD IAC SB TERMINAL-TYPE SEND SENT IAC SB TERMINAL-TYPE IS "XTERM-256COLOR" RCVD DO ECHO SENT WONT ECHO RCVD WILL ECHO SENT DO ECHO RCVD IAC SB TOGGLE-FLOW-CONTROL OFF RCVD IAC SB TOGGLE-FLOW-CONTROL RESTART-XON RCVD DONT LINEMODE SENT WONT LINEMODE RCVD IAC SB LINEMODE SLC IP VARIABLE|ACK|FLUSHIN|FLUSHOUT 3; AO VARIABLE|ACK 15; ABORT VARIABLE|ACK|FLUSHIN|FLUSHOUT 28; EOF VARIABLE|ACK 4; SUSP VARIABLE|ACK|FLUSHIN 26; EC VARIABLE|ACK 127; EL VARIABLE|ACK 21; EW VARIABLE|ACK 23; RP VARIABLE|ACK 18; LNEXT VARIABLE|ACK 22; XON VARIABLE|ACK 17; XOFF VARIABLE|ACK 19; FreeBSD/i386 (m-net.arbornet.org) (pts/5) login:
user1686
Posted 2016-04-05T12:23:17.577
Reputation: 283 655
2excellent answer. when I read
man telnetthe only listed bug is:The source code is not comprehensible.Curious whether anyone has ever written an up to date client in anything other than C. – Thufir – 2016-04-05T13:23:17.4673That wouldn't be of much use, since the protocol itself is also outdated, as are most servers... SSHv2 is the modern replacement. // also, note that there are several different clients called "telnet" – inetutils-telnet & netkit-telnet, among others. – user1686 – 2016-04-05T17:02:15.883
1Though, on a related note, SSH does have a user-agent string. – user1686 – 2016-04-05T19:51:04.300
1@grawity telnet still sees plenty of use e.g. for diagnostics, though. It's becoming slightly less common thanks to the proliferation of TLS (in favor of e.g. OpenSSL
-connect), but there are still many valid uses for a reasonably bare-bones text connection just like telnet gives you when invoked against a non-telnet server. Of course, your point remains that telnet is not simply software, it's a protocol; it's a bit like calling a web browser HTTP. – a CVn – 2016-04-05T20:05:17.8871@MichaelKjörling But when the telnet command is used for debugging network communication it is not actually speaking the telnet protocol. With the telnet client I just tested simply telling it which port number to connect to will cause it to change behavior. – kasperd – 2016-04-05T21:14:03.833
@MichaelKjörling: For that you have
nc,ncat,socat, and so on. – user1686 – 2016-04-06T11:37:06.590Telnet is still widely used for MUDs (MOOs, MUSHs, etc.). – blubberdiblub – 2017-01-12T23:01:54.260