Use Telnet to connect to port 68. What happens? Explain.

Using Telnet to Test TCP Services
a. In Part 1, nginx was found to be running and assigned to port 80 TCP. Although a quick Google search revealed that nginx is a lightweight web server, how would an analyst be sure of that? What if an attacker changed the name of a malware program to nginx, just to make it look like the popular web server? Use telnet to connect to the local host on port 80 TCP:

[analyst@secOps ~]$ telnet 127.0.0.1 80

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

b. Press a few letters on the keyboard. Any key will work. After a few keys are pressed, press ENTER. Below is the full output, including the Telnet connection establishment and the random keys pressed (fdsafsdaf, this case):

fdsafsdaf

HTTP/1.1 400 Bad Request

Server: nginx/1.10.2

Date: Tue, 28 Feb 2017 20:09:37 GMT

Content-Type: text/html

Content-Length: 173

Connection: close







400 Bad Request

nginx/1.10.2





Connection closed by foreign host.

Thanks to the Telnet protocol, a clear text TCP connection was established, by the Telnet client, directly to the nginx server, listening on 127.0.0.1 port 80 TCP. This connection allows us to send data directly to the server. Because nginx is a web server, it does not understand the sequence of random letters sent to it and returns an error in the format of a web page.
While the server reported an error and terminated the connection, we were able to learn a lot. We learned that:
1) The nginx with PID 395 is in fact a web server.
2) The version of nginx is 1.10.2.
3) The network stack of our CyberOps Workstation VM is fully functional all the way to Layer 7.
Not all services are equal. Some services are designed to accept unformatted data and will not terminate if garbage is entered via keyboard. Below is an example of such a service:
c. Looking at the netstat output presented earlier, it is possible to see a process attached to port 22. Use Telnet to connect to it.
Port 22 TCP is assigned to SSH service. SSH allows an administrator to connect to a remote computer securely.
Below is the output:

[analyst@secOps ~]$ telnet 127.0.0.1 22

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

SSH-2.0-OpenSSH_7.4

sdfjlskj

Protocol mismatch.

Connection closed by foreign host.

Referring back to the netstat output, it is possible to see that port 68 is in fact a UDP port. Telnet is a TCP-based protocol and will not be able to connect to UDP ports.