telnet behaviour remote vs local

Question

Requesting the local machine fails right away:

telnet localhost 65535      
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

while it runs forever when requesting google or any other remote machine:

telnet www.google.com  65535
Trying 2a00:1450:4007:812::2004...

I suppose non standard ports should be closed on web servers. If yes, telnet should end up with a "Connection refused" right away as well. right?

Answer 1

Actually, this can be caused by multiple sources. A not so known, but common one: There are some firewalls allowing you to delay requests to specific ports. Think about this: Scanning one IP address for all ports only takes a few seconds. If you delay the response (in case the port is not opended for instance) it will take a potential attacker much longer to scan all ports. You could argue that the attacker could count anything taking let´s say 5 seconds or longer as timeout, but, there are applications, SMTP servers for instance, that often actually respond only after 20 seconds or so because of this.

May protocols are trying to be attacked and if you generally define that your mailserver will only respond after 20 seconds, that does not really matter to mails in most cases, most attacks will already count this as timeout and won´t even notice that a mailserver is running there whereas the clients get configured for timeouts of 30 seconds or so and they can connect.

Another common thing is that the windows telnet client won´t really post the output until you press any key.