Can a Telnet server detect the client being used through the protocol?
While web browsers send, among other things, the User-Agent
string, does the Telnet protocol have a similar method of determining anything about the client connecting to it? OS? Specific Telnet client? Etc.
There is no User-Agent, but there exist a few Telnet protocol options for sending client information:
TERMINAL TYPE
– shows the used terminal type (e.g. xterm, urxvt, screen-256color...) You can't really get rid of this without breaking things. Same goes forNAWS
which reports the window size (columns × rows).OLD-ENVIRON
andNEW-ENVIRON
– can reveal some specific environment variables; some clients also reveal their FQDN in a fake $DISPLAY variable. Sending your configured system locale ($LANG, $LC_*) or timezone ($TZ) is also not uncommon.XDISPLOC
– similar to above, some clients send your FQDN as the X11 display location.If any of the authentication features are enabled, they can reveal your OS username.
Finally, the whole set of recognized options varies between implementations and can be used as a rough Panopticlick-style fingerprint.
frost$ echo $DISPLAY :0 frost$ telnet telnet> set options Will show option processing. telnet> open m-net.arbornet.org Trying 162.202.67.157... Connected to m-net.arbornet.org. Escape character is '^]'. SENT DO SUPPRESS GO AHEAD SENT WILL TERMINAL TYPE SENT WILL NAWS SENT WILL TSPEED SENT WILL LFLOW SENT WILL LINEMODE SENT WILL NEW-ENVIRON SENT DO STATUS SENT WILL XDISPLOC RCVD DO AUTHENTICATION SENT WONT AUTHENTICATION RCVD WILL SUPPRESS GO AHEAD RCVD DO TERMINAL TYPE RCVD DO NAWS SENT IAC SB NAWS 0 95 (95) 0 46 (46) RCVD DO TSPEED RCVD DO LFLOW RCVD DO LINEMODE SENT IAC SB LINEMODE SLC SYNCH NOSUPPORT 0; IP VARIABLE|FLUSHIN|FLUSHOUT 3; AO VARIABLE 15; AYT NOSUPPORT 0; ABORT VARIABLE|FLUSHIN|FLUSHOUT 28; EOF VARIABLE 4; SUSP VARIABLE|FLUSHIN 26; EC VARIABLE 127; EL VARIABLE 21; EW VARIABLE 23; RP VARIABLE 18; LNEXT VARIABLE 22; XON VARIABLE 17; XOFF VARIABLE 19; FORW1 NOSUPPORT 0; FORW2 NOSUPPORT 0; SENT DO SUPPRESS GO AHEAD RCVD DO NEW-ENVIRON RCVD WILL STATUS RCVD DO XDISPLOC RCVD WILL ENCRYPT SENT DONT ENCRYPT RCVD DO OLD-ENVIRON SENT WONT OLD-ENVIRON RCVD IAC SB TERMINAL-SPEED SEND SENT IAC SB TERMINAL-SPEED IS 38400,38400 RCVD IAC SB X-DISPLAY-LOCATION SEND SENT IAC SB X-DISPLAY-LOCATION IS "frost.nullroute.eu.org:0" RCVD IAC SB NEW-ENVIRON SEND SENT IAC SB NEW-ENVIRON IS VAR "DISPLAY" VALUE "frost.nullroute.eu.org:0" RCVD IAC SB TERMINAL-TYPE SEND SENT IAC SB TERMINAL-TYPE IS "XTERM-256COLOR" RCVD DO ECHO SENT WONT ECHO RCVD WILL ECHO SENT DO ECHO RCVD IAC SB TOGGLE-FLOW-CONTROL OFF RCVD IAC SB TOGGLE-FLOW-CONTROL RESTART-XON RCVD DONT LINEMODE SENT WONT LINEMODE RCVD IAC SB LINEMODE SLC IP VARIABLE|ACK|FLUSHIN|FLUSHOUT 3; AO VARIABLE|ACK 15; ABORT VARIABLE|ACK|FLUSHIN|FLUSHOUT 28; EOF VARIABLE|ACK 4; SUSP VARIABLE|ACK|FLUSHIN 26; EC VARIABLE|ACK 127; EL VARIABLE|ACK 21; EW VARIABLE|ACK 23; RP VARIABLE|ACK 18; LNEXT VARIABLE|ACK 22; XON VARIABLE|ACK 17; XOFF VARIABLE|ACK 19; FreeBSD/i386 (m-net.arbornet.org) (pts/5) login: