Censys.io datasets provide a rich realm to analyze the Internet and find warts and pimples that normally one cannot see. I recently pulled down the IPv4 dataset for February 2018 and wanted to see which telnet banners are the most popular on the Internet these days. In general, telnet should never be open to the Internet, so I thought it would be interesting to see which vendors don’t protect telnet and which of those “boxes” are the most popular on the Internet.
Easily spotted were Huawei and Mikrotik routers. Those rows that show BCMxxxxxx are all Broadcom routers and when aggregated together even exceed Huawei equipment. The ZXHN is a ZTE router as is the F668 line.
It could very well be that these vendors have since fixed their software and made it more secure but nonetheless there are still hundreds of thousands of home routers out there that are unsecure.
For those that wish to delve deeper into Censys, they have a quick “report builder” which allows one to build customized reports like the one linked here which is entitled “Most common Telnet banners on IPv4 hosts”.
Hank Nussbacher
Hank Nussbacher is Director of Network & Computing Infrastructure. He has worked at IUCC for the past 30 years and is responsible for network design, the NOC team, the CERT team and the cloud team.