nanog mailing list archives
Re: Kind of sad
From: Michael Thomas <mike () mtcc com>
Date: Tue, 11 Nov 2014 07:44:04 -0800
On 11/11/2014 01:05 AM, Karl Auer wrote:
> Someone who puts a real switch doing real work on the Internet with working telnet access is asking to have at least the switch compromised very quickly. A plaything, a honeypot, or a teaching tool - maybe. Anything else, probably a bad idea. Remember that if I own your switch, I own all the data sent to or from any system connected to that switch...
>
> Regards, K.
How so? Assuming that you're using password auth, the real vulnerability is somebody figuring out the password and owning the box. SSH certainly helps here immensely with rsa auth, but only if you use it.
An active MITM attack or passive snooping on telnet streams seems like it would be orders of magnitude less dangerous on a list of threats. SSH is definitely a Good Thing, but it's not a silver bullet.
Mike