IdeaWell

Project ideas from Hacker News discussions.

The Day the Telnet Died

Original Article

Hacker News Discussion

📝 Discussion Summary (Click to expand)

1. Tier‑1 transit filtering of port 23
The discussion centers on a large‑scale block of TCP 23 that was deployed by major backbone providers to stop exploitation of a long‑undisclosed GNU telnetd flaw.

“The rest of it seems to be substantially edited by an LLM too, or at least it’s composed much like LLM outputs often are these days: ‘not a gradual decline, not scanner attrition, not a data‑pipeline problem, but a step function.’” – roywiggins
“The rest of it seems to be substantially edited by an LLM too” – roywiggins

2. Telnet’s legacy and continued use
Many users point out that telnet is still alive in embedded devices, legacy MUDs, and hobbyist systems, and that the block will break those services.

“I still use telnet today (had to). Unsure of the patching here. But it’s definitely locked down to a subset of internal use only.” – RonanSoleste
“I have a few retired SPARC and PA‑RISC boxes that run their period‑appropriate OSes as a hobby. Telnet/rlogin is the more reliable method to get into them remotely.” – fennec‑posix

3. Security debate: telnet vs. SSH
The conversation repeatedly contrasts telnet’s plaintext nature with SSH’s encryption, discussing patching, privilege separation, and the practicality of using SSH for legacy hardware.

“Any business that has a telnet daemon able to be reached by an unauthenticated user is negligent.” – wildzzz
“The rest of it seems to be substantially edited by an LLM too” – wildzzz

4. AI‑generated content skepticism
A sizable portion of the thread is devoted to whether the article and many comments were written by a large‑language model, with users citing style cues and “LLM tic” patterns.

“The rest of it seems to be substantially edited by an LLM too, or at least it’s composed much like LLM outputs often are these days.” – roywiggins
“The rest of it seems to be substantially edited by an LLM too” – roywiggins

These four themes capture the main currents of opinion in the discussion.

🚀 Project Ideas

Telnet‑over‑TLS Gateway

Summary

  • Provides a secure, encrypted tunnel for legacy telnet traffic, bypassing port‑23 filtering.
  • Allows telnet clients to connect to internal services via port 443 or any open port, with optional certificate verification.
  • Enables legacy MUDs, embedded devices, and BBS systems to remain reachable without exposing raw telnet.

Details

Key Value
Target Audience System admins, MUD operators, embedded‑device owners, hobbyists
Core Feature TLS‑wrapped telnet proxy that accepts plain telnet on a public port and forwards to a private telnetd
Tech Stack Go (net, crypto/tls), Docker, optional Nginx for TLS termination
Difficulty Medium
Monetization Revenue‑ready: subscription + free tier

Notes

  • HN users lament “port 23 is blocked” and “telnet is dead”; this solves both by moving to 443.
  • “Telnet over TLS” is a proven pattern (e.g., stunnel), but this tool bundles telnet option handling and auto‑certificate rotation.
  • Ideal for MUDs that still use telnet on port 23 but cannot expose it publicly.

MUD Secure Migration Platform

Summary

  • A SaaS that automates the migration of legacy MUD servers from telnet to secure protocols (SSH, WebSocket, or HTTPS).
  • Provides automated configuration, client‑side adapters, and a migration checklist.
  • Reduces downtime and security risk for long‑running MUD communities.

Details

Key Value
Target Audience MUD developers, community managers, hobbyist game hosts
Core Feature End‑to‑end migration workflow: audit, generate SSH keys, deploy WebSocket gateway, update client configs
Tech Stack Node.js, Docker, Terraform, GitHub Actions, WebSocket server (ws)
Difficulty Medium‑High
Monetization Revenue‑ready: tiered subscription ($10–$50/month)

Notes

  • HN commenters note that many MUDs still run on port 23; this platform removes that pain point.
  • “MUDs should not use port 23” is a recurring theme; the service gives them a painless path to compliance.
  • Community forums can discuss migration strategies, making it a natural discussion hub.

Embedded Telnet Hardening Toolkit

Summary

  • A collection of scripts and firmware patches that detect, audit, and replace vulnerable telnetd on embedded devices.
  • Includes automatic port translation, TLS wrapping, and optional SSH fallback.
  • Helps manufacturers and users secure legacy equipment without costly hardware upgrades.

Details

Key Value
Target Audience Embedded‑device OEMs, sysadmins, IoT hobbyists
Core Feature Automated telnetd scanner, patch deployment, TLS wrapper, SSH fallback generator
Tech Stack Python 3, Ansible, OpenSSL, Docker
Difficulty Medium
Monetization Hobby (open source) with optional paid support contracts

Notes

  • “Telnet is still used in industrial control” is a pain point; this toolkit addresses it directly.
  • HN users discuss “embedded telnet” and “port 23 filtering”; the toolkit offers a practical fix.
  • The open‑source nature encourages community contributions and audits.

Minimal Telnet Client Replacement

Summary

  • A lightweight, cross‑platform telnet client that supports full RFC 854 option negotiation and TLS.
  • Designed to be a drop‑in replacement for telnet and netcat, bundled with a small binary (~200 KB).
  • Provides a simple CLI and optional GUI for legacy users who still need telnet functionality.

Details

Key Value
Target Audience Linux/Windows/macOS users, sysadmins, hobbyists
Core Feature RFC 854 compliant client with TLS, port translation, and auto‑detect of telnet options
Tech Stack Rust (tokio, rustls), cross‑compile for all major OSes
Difficulty Low
Monetization Hobby (MIT license)

Notes

  • Many HN users complain that modern distros no longer ship telnet; this tool fills that gap.
  • “Netcat is better” is a common argument; this client offers the best of both worlds.
  • The small footprint makes it ideal for container images and embedded systems.

Telnet Port Translator Service

Summary

  • A reverse‑proxy service that forwards incoming connections on a public port (e.g., 443) to internal telnetd on port 23.
  • Supports TLS termination, client authentication, and optional IPsec passthrough.
  • Enables organizations to keep telnetd on the internal network while exposing it through a non‑blocked port.

Details

Key Value
Target Audience Enterprises, hosting providers, MUD operators
Core Feature TLS‑terminated reverse proxy with port translation, authentication, and logging
Tech Stack Nginx (stream module), OpenSSL, Docker, optional Lua scripts
Difficulty Medium
Monetization Revenue‑ready: per‑host subscription ($5/month)

Notes

  • “Port 23 is blocked by Tier‑1 providers” is a recurring frustration; this service bypasses it without changing the internal port.
  • HN users discuss “reverse proxy” and “port translation”; the service directly addresses those concerns.
  • The service can be self‑hosted or offered as a managed SaaS, encouraging discussion on best practices.

Read Later