OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: [Full-Disclosure] Re: Re: open telnet port

From: Todd Towles (toddtowlesbrookshires.com)
Date: Thu Sep 09 2004 - 09:38:16 CDT


If you are going to leave telnet open, why would a attacker even mess
with SSH? I would have to agree with the other guys, having a person
there at the remote site (I am sure you have someone) fix the issue. Or
find another encrypted method.
 
Even on a internal network, I would be against using it full-time.
Unless you trust every person on your internal network? I mean security
breakin don't come from the inside right? ;) lol

-----Original Message-----
From: full-disclosure-adminlists.netsys.com
[mailto:full-disclosure-adminlists.netsys.com] On Behalf Of Dries
Robberechts
Sent: Thursday, September 09, 2004 8:05 AM
To: full-disclosurelists.netsys.com
Subject: Re: [Full-Disclosure] Re: Re: open telnet port

I disagree, when running telnetd, people will use it and hence create a
security flaw. Moreover, you would use it yourself with the very
intention of becoming root and starting a secure daemon, which in my
opinion can do lot more harm than good.

Even on a (virtual) private network I would try to avoid it whenever
possible, but using it on a public network as a backup I wouldn't even
consider.

Dries.

> A reasonable use for telnet is when the ssh deamon goes down, or isn't

> started on bootup because of some configuration error...
>
> Yes, I know it isn't secure, but sometimes it can be the last
resort...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html