Full Disclosure mailing list archives
Re: Re: Re: open telnet port
From: Andrew Haninger <ahaning () gmail com>
Date: Thu, 9 Sep 2004 13:10:15 -0400
If you need this on as the norm, please at least use TCP wrappers to limit from where it can be accessed, and change any used passwords immediately after reestablishing control.
I think the real insecurity in telnet comes not from buffer-overflows and whatnot, but rather from people sniffing the network and getting your password in a nice convenient program window. Actually, my guess is that the telnet daemon is probably quite secure in terms of remote exploits. Try it sometime on a small temporary network. Start ethereal and the login over telnet to some machine. Right-click on a telnet packet and select "Follow TCP Stream". In the next window, view the stream as ASCII. Hey, look, it's your password. This is what convinced me that telnet is bad. -Andy _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: open telnet port, (continued)
- Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: open telnet port Kim B. Nielsen (Sep 09)
- Re: Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: Re: open telnet port Dave Horsfall (Sep 09)
- Re: Re: Re: open telnet port list (Sep 09)
- Re: Re: Re: open telnet port Honza Vlach (Sep 09)
- Re: Re: Re: open telnet port Barrie Dempster (Sep 09)
- Re: Re: Re: open telnet port Kim B. Nielsen (Sep 09)
- Re: Re: Re: open telnet port Kenneth Ng (Sep 09)
- Re: Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port ktabic (Sep 09)
- Re: Re: Re: open telnet port Barrie Dempster (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port Gary E. Miller (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port ktabic (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port Valdis . Kletnieks (Sep 09)
- Re: Re: Re: open telnet port Paul W. Roach III (Sep 09)
- Re: Re: Re: open telnet port Andrew Farmer (Sep 09)