During the initial connection handshake with a Telnet server there is an optional exchange of options that tell the client/ server which features are supported on both ends. These features are negotiated using the DO, DONT, WILL and WONT Telnet options.
In case you're not familiar with the DO, DONT, WILL and WONT Telnet options here's an excerpt taken from the official RFC 854:
- WILL: Indicates the desire to begin performing, or confirmation that you are now performing, the indicated option.
- WONT: Indicates the refusal to perform, or continue performing, the indicated option.
- DO: Indicates the request that the other party perform, or confirmation that you are expecting the other party to perform, the indicated option.
- DONT: Indicates the demand that the other party stop performing, or confirmation that you are no longer expecting the other party to perform, the indicated option.
Shodan has been crawling and storing the results of the Telnet handshake for a while now but never made it accessible over the search API/ interface. That's changed and now there are the following new filters and facets:
- telnet.option
- telnet.do
- telnet.dont
- telnet.will
- telnet.wont
These Telnet facets/ filters provide a new way to discover and fingerprint devices. The telnet.option filter/ facet includes all the options that a server knew about, whether they were sent in the DO, DONT, WILL or WONT phase. I.e. it aggregates the results of all the other options into a unique list of features a server is aware of. The other filters/ facets relate directly to the options outlined in the RFC and let you find servers that support specific functionality. For example, here are servers that know about the com_port_option.
Telnet remains a popular service that continues to get deployed and integrated across a variety of products, including the latest in Internet of Things devices. The new features should make it easier to uniquely fingerprint devices and keep track of how Telnet usage is changing over time.