Full Disclosure mailing list archives
Re: Re: Re: open telnet port
From: "Kim B. Nielsen" <kbn () daimi au dk>
Date: Thu, 09 Sep 2004 22:46:24 +0200
Oh.. It seemed my little post stirred something up :)Well, if you use a service, it's not unnecesary. The service only becomes unnecesary, if you have it on, and don't use it :)
And no, I don't have a backup user called test. I'm not Joe Clueless :)I merely suggested, that keeping another way (than ssh) into the server could be a valid argument for keeping a telnet running. I didn't say that my server has a running telnet on it. Actually I have seen machines that couldn't be reached with ssh because they were too overloaded by a wild process, but it was possible to log in to the machine via telnet and kill the wild process, and thereby restore the services on that server quickly.
And, by the way, sometimes it isn't an option to seek out the machine in question and perform tasks on it locally, when it can be avoided. For instance, when there is a big distance between you and the machine.
I liked the idea of a secondary sshd running on the box, just in case. As a matter of fact, I think I would use the idea on my own server.
Some argued that allowing a telnet was an invitation to users to use an unsecure service. Thats certainly true, and it is an aspect that should be thought about if one plans to use an unencrypted service that requires a login...
Regards /kbn Barrie Dempster wrote:
So you'd leave telnet on just incase ssh broke? Can we say "unnecessary service"? Leaving an extra avenue of attack because you might break your SSH is a bad bad bad bad idea. Next you'll be telling us you have a backup user called "test" with password "test" and uid 0, just incase you forget your root pass. Last resort wouldn't be running an unnecessary, unencrypted login service, It would be going local. On Thu, 2004-09-09 at 12:17, Kim B. Nielsen wrote:A reasonable use for telnet is when the ssh deamon goes down, or isn't started on bootup because of some configuration error...Yes, I know it isn't secure, but sometimes it can be the last resort... /kbn Dave Ewart wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 09.09.2004 at 08:13 +0200, list () nolog org wrote:Steve Kudlak wrote:I'll ask my friend what he does as the "just don't do x" or just get rid of x never seems like a good idea. If you try to connect with telnet rather than ssh to that box it just doesn't go through.getting rid of telnetd is almost always a very good idea.Quite so, as I suggested. Are there even any legitimate uses for running a telnet daemon any more? (That is a genuine question - as far as I can see, SSH is always a perfect replacement). Dave.- -- Dave EwartDave.Ewart () cancer org uk Computing Manager, Epidemiology Unit, Oxford Cancer Research UK PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBQBL8bpQs/WlN43ARAr0TAJ9N340MHUdsbQV3iiW2rD4sXWNjEwCg4/wm yh0Fe7/G58Dgu+pKoSJAtGM= =hCDd -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: open telnet port, (continued)
- Re: open telnet port Dave Ewart (Sep 07)
- Re: Re: open telnet port Steve Kudlak (Sep 08)
- Re: Re: open telnet port list (Sep 08)
- Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: open telnet port Kim B. Nielsen (Sep 09)
- Re: Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: Re: open telnet port Dave Horsfall (Sep 09)
- Re: Re: Re: open telnet port list (Sep 09)
- Re: Re: Re: open telnet port Honza Vlach (Sep 09)
- Re: Re: Re: open telnet port Barrie Dempster (Sep 09)
- Re: Re: Re: open telnet port Kim B. Nielsen (Sep 09)
- Re: Re: open telnet port Steve Kudlak (Sep 08)
- Re: Re: Re: open telnet port Kenneth Ng (Sep 09)
- Re: Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: open telnet port Dave Ewart (Sep 07)
- Re: Re: Re: open telnet port ktabic (Sep 09)
- Re: Re: Re: open telnet port Barrie Dempster (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port Gary E. Miller (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port ktabic (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)