Strange Phenomenon: Telnet Connects to Any IP and Port

The telnet command is used to test TCP port connectivity. Recently, in a home network environment, I discovered that telnet connects to any IP and port, which is definitely abnormal.

Problem Reproduction

For example, I telneted to a Baidu IP: 14.215.177.38, and arbitrarily specified port 7890. Baidu has not opened port 7890, so normally it should not be possible to connect. However, the telnet test result was successful.

I tried switching to another Linux machine, and the result was also normal connectivity.

Then, I used Wireshark to capture packets. It showed that the TCP three-way handshake was successful, but retransmission occurred, which was confusing.

Problem Resolution

The main router uses iKuai, so I suspected it was related to the router. I consulted iKuai customer service, who provided the following response (kudos to iKuai customer service for their timely response and problem resolution).

iKuai explained that "Traffic Control - Traffic Splitting - Protocol Splitting - Enhanced Splitting" being enabled can cause some functions to fail. After disabling "Enhanced Splitting," the phenomenon disappeared, and the problem was resolved.

However, the root cause was still not found. I posted on V2EX for help, and most suggestions pointed to transparent proxying. Therefore, I guessed that iKuai's "Enhanced Splitting" is likely implemented via transparent proxying, hijacking all traffic to the proxy (unverified).

Summary

If your network situation also involves telnet connecting to any IP and port, you can troubleshoot via the following methods:

• If you are using the iKuai router system, check if "Enhanced Splitting" is enabled. If so, try disabling it.
• Check if internal network devices are using transparent proxying.
• If any IP email ports are accessible, check if "Huorong Security" email protection is enabled.