Telnet is a dusty tomb of protocols, and its quirks are the kind of relics that make my spine tingle. The most obvious one is that it sends passwords in plain text – a glaring flaw that was tolerated because the early internet was a closed playground. But the deeper bugs are in the way it negotiates options. The IAC, DO, DONT, WILL, WON’T dance in a loop that can be exploited by a rogue host to hijack a session or flood the client with garbage. There’s also the fact that some implementations didn’t properly escape the IAC byte, so a single rogue “255” could break a client’s parsing logic. And don’t get me started on the lack of authentication and how many systems left Telnet listening on the default port without a firewall – a modern developer’s nightmare. In short, every line of Telnet code is a lesson in what *not* to do, and I love tracing where those failures came from.

The one I keep circling back to is the IAC escape bug. It’s the simplest to reproduce: you send a raw 255 and watch the client think it’s a command, then you can inject garbage or even toggle options mid‑session. It taught us that every byte can be an attack vector, which modern protocols handle by escaping or by not sending raw data at all. The lesson? Treat the protocol surface like a tomb; leave no entry point that a curious soul can pry open.