Full Disclosure mailing list archives

Re: Re: Re: open telnet port

From: Andrew Haninger <ahaning () gmail com>
Date: Thu, 9 Sep 2004 13:10:15 -0400

If you need this on as the norm, please at least use TCP wrappers to
limit  from where it can be accessed, and change any used passwords
immediately after reestablishing control.


I think the real insecurity in telnet comes not from buffer-overflows
and whatnot, but rather from people sniffing the network and getting
your password in a nice convenient program window. Actually, my guess
is that the telnet daemon is probably quite secure in terms of remote
exploits.

Try it sometime on a small temporary network. Start ethereal and the
login over telnet to some machine. Right-click on a telnet packet and
select "Follow TCP Stream". In the next window, view the stream as
ASCII. Hey, look, it's your password. This is what convinced me that
telnet is bad.

-Andy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Re: open telnet port, (continued)
- - - Re: Re: open telnet port Dave Ewart (Sep 09)
    - Re: Re: Re: open telnet port Kim B. Nielsen (Sep 09)
    - Re: Re: Re: open telnet port Dave Ewart (Sep 09)
    - Re: Re: Re: Re: open telnet port Dave Horsfall (Sep 09)
    - Re: Re: Re: open telnet port list (Sep 09)
    - Re: Re: Re: open telnet port Honza Vlach (Sep 09)
    - Re: Re: Re: open telnet port Barrie Dempster (Sep 09)
    - Re: Re: Re: open telnet port Kim B. Nielsen (Sep 09)
    - Re: Re: Re: open telnet port Kenneth Ng (Sep 09)
    - Re: Re: Re: open telnet port Dave Ewart (Sep 09)
    - Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
    - Re: Re: Re: open telnet port ktabic (Sep 09)
    - Re: Re: Re: open telnet port Barrie Dempster (Sep 09)
    - Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
    - Re: Re: Re: open telnet port Gary E. Miller (Sep 09)
    - Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
    - Re: Re: Re: open telnet port ktabic (Sep 09)
    - Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
    - Re: Re: Re: open telnet port Valdis . Kletnieks (Sep 09)
    - Re: Re: Re: open telnet port Paul W. Roach III (Sep 09)
    - Re: Re: Re: open telnet port Andrew Farmer (Sep 09)

(Thread continues...)