This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Understanding Lansweeper’s Use of Port 23 (Telnet)

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Tuesday

Overview

Lansweeper performs a series of network probes during its asset discovery process. These probes help determine which services are running on a target device and allow Lansweeper to retrieve additional contextual information where possible. One of the ports included in this process is port 23, typically associated with Telnet.
 
This article explains why Lansweeper scans port 23, how the data is used, and what options are available if your security team prefers to restrict traffic to this port.

Why Lansweeper Scans Port 23

As part of its standard network discovery logic, Lansweeper performs lightweight checks on several common service ports to determine whether they are open and to gather basic banner information. For a complete list of ports scanned by Lansweeper, refer to:
https://community.lansweeper.com/t5/requirements/ports-scanned-or-used-by-lansweeper/ta-p/64273

Port 23 (Telnet) is included because many network appliances and legacy systems still expose Telnet banners that can provide useful system metadata.

Important Clarification

Lansweeper does not use Telnet for authenticated or credentialed scanning.
The platform only:

  • Probes the port to determine whether it is open or closed.
  • If open, attempts to retrieve the server’s welcome banner.

This behavior is similar to how Lansweeper handles other ports such as FTP or SMTP, where banner information can supplement hardware or software identification.

Security Considerations

Telnet is widely considered insecure due to its lack of encryption. It is common for security teams to flag or restrict its use.

Because Lansweeper only performs a passive, unauthenticated probe—and never attempts Telnet-based authentication—the associated risk is minimal. The action is equivalent to a simple port check or banner grab.

Can Port 23 Scanning Be Disabled?

At this time, Lansweeper does not offer a configuration option to disable Telnet probing or exclude specific ports from the built-in scanning logic.

If your security or compliance team prefers not to allow traffic on port 23, the recommended approach is to block the port at the firewall.

Impact of Blocking Port 23

Blocking this port will have minimal operational impact on Lansweeper. The only difference is that Lansweeper will no longer be able to retrieve banner information from Telnet-enabled devices. All other scanning mechanisms will function normally.

Summary

  • Lansweeper includes port 23 in its list of ports to probe for open/closed status and banner retrieval.
  • It does not use Telnet for credentialed scanning.
  • Disabling Telnet scanning within Lansweeper is not currently possible.
  • If required, blocking port 23 at the firewall is a safe and low-impact solution.
Was this article helpful? Yes No
No ratings
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Version history
Last update:
Tuesday
Updated by:
Lansweeper Tech Support