Reference · high severity

Port 23 · Telnet

Telnet on port 23 transmits everything in plaintext, including passwords. There is no legitimate reason to expose it to the public internet in 2026.

What runs on port 23

Telnet is a remote-shell protocol from the 1969 RFC era. The wire protocol is unencrypted plaintext — any network observer between client and server sees every keystroke, including credentials.

Why public exposure is dangerous

Beyond the plaintext-credentials problem, exposed telnet ports are the canonical brute-force attack target on the internet. The Mirai botnet was built almost entirely from compromised IoT devices with default telnet credentials. Modern threat actors continue to scan port 23 for the same reason.

How to lock it down

Disable telnet entirely and replace it with SSH on a non-default port. If a piece of legacy hardware can only speak telnet, isolate it on a management VLAN with no internet routing and no public ingress.
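
One way to verify the lockdown on hosts you administer, as an added example (not DomainCare's code): it connects to port 23 and reports whether the listener answers with Telnet option negotiation (IAC bytes, RFC 854). The function names `parse_negotiation` and `audit_port` are hypothetical, and the hosts are assumed to come from your own inventory.

```python
import socket
import sys
IAC, SB, SE = 0xFF, 0xFA, 0xF0  # Telnet command bytes (RFC 854)
NEGOTIATION = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}

def parse_negotiation(data: bytes):
    """Split a server's first bytes into Telnet option commands and plain text."""
    options, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break  # lone IAC at the end of the read: truncated command
        cmd = data[i + 1]
        if cmd == IAC:  # IAC IAC is an escaped literal 0xFF data byte
            text.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:
            if i + 2 >= len(data):
                break  # option byte not received yet
            options.append((NEGOTIATION[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:  # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:
            i += 2  # other two-byte commands (NOP, GA, ...)
    return options, bytes(text)

def audit_port(host, port=23, timeout=3.0):
    """Return 'unreachable', 'telnet' or 'open-other' for a host you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                data = conn.recv(256)
            except OSError:  # silent or reset after connect: still listening
                data = b""
    except OSError:  # refused, filtered or timed out
        return "unreachable"
    options, _ = parse_negotiation(data)
    return "telnet" if options else "open-other"

if __name__ == "__main__":
    for target in sys.argv[1:]:  # hosts from your own inventory (assumption)
        print(target, audit_port(target))
```

Run it from a public vantage point and again from inside the management VLAN: the target state is `unreachable` from outside, with any remaining `telnet` result confined to the isolated segment.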

When public exposure is legitimate

None. Any device that requires telnet for management is a security debt to migrate off, not a service to expose.

Other ports DomainCare scans

  • :3306 MySQL: MySQL listens on port 3306 by default. Public exposure is a critical data-leak risk.
  • :5432 PostgreSQL: PostgreSQL listens on port 5432 by default. Public exposure is a critical data-leak risk equivalent to MySQL.
  • :6379 Redis: Redis listens on port 6379 by default. Public exposure historically allows unauthenticated arbitrary code execution.
  • :27017 MongoDB: MongoDB listens on port 27017 by default. Historically responsible for the largest single data-leak class — pre-3.0 builds shipped without authentication enabled.