Strange Phenomenon: Telnet Connectivity to Any IP + Port

Publish: 2022-11-26 | Modify: 2022-11-26

telnet command can test the TCP port connectivity. Recently, I found that telnet is able to connect to any IP address and port in my home network environment, which seems a bit abnormal.

Screenshot 1

Problem Reproduction

For example, I telnet to the IP address of Baidu: 14.215.177.38, and then specify a random port 7890. Baidu does not open port 7890, so it should not be possible to establish a connection. However, the telnet test result shows that it is successful.

Screenshot 2

I tried using another Linux machine, and the result is still successful.

Screenshot 3

So I used WireShark to capture packets and found that the TCP three-way handshake was successful, but there was a retransmission, which is confusing.

Screenshot 4

Problem Solution

The main router I am using is iKuai. I suspected that it might be related to the router, so I consulted iKuai's customer service. Here is the response I received (kudos to iKuai's customer service for their prompt response and problem resolution).

Screenshot 5

Screenshot 6

According to iKuai's explanation, the issue is caused by "Flow Control Shunt - Protocol Shunt - Enhanced Shunt" which can lead to the malfunction of certain functions. So after disabling "Enhanced Shunt", the issue is resolved.

Screenshot 7

However, the root cause of the problem is still unknown. I posted a question on V2EX, and most of the answers suggested that it might be caused by transparent proxy. Therefore, I speculate that iKuai's "Enhanced Shunt" is implemented through a transparent proxy, which hijacks all the traffic to the proxy server (not verified).

Screenshot 8

Conclusion

If you also experience the issue of telnet being able to connect to any IP address and port, you can try the following troubleshooting steps:

  • If you are using iKuai router system, check if "Enhanced Shunt" is enabled and disable it if it is enabled.
  • Check if any devices in your internal network are using transparent proxy.
  • If telnet is able to connect to any IP and port for email services, check if "Huorong Security" email protection is enabled.

Comments