OSS PING
If you are interested in the OSS ping list please mail me
Posted on 02/12/2007 10:35:07 PM PST by zeugma
Nonetheless, this is a good opportunity to issue a reminder to check for those telnet daemons. Disable them. Destroy them. Drive them before you and hear the lamentations of their women!
Seriously... Though this a hack against Solaris versions of the telnet daemons, do what you can to search out and disable telnet wherever you find it.
The only remaining purpose to telnet imo, is if there is absolutely, positively no other way to do it. The telnet client is useful for testing connectivity between computers on various ports, but the servers have no place in the 21st century.
Forward and ping to any tech folks please. This is a biggie for those running solaris.
Conan say use SSH.
Is there any objection to telnet servers that don't allow any sort of shell access? Things like low-security BBS's and such?
OSS PING
If you are interested in the OSS ping list please mail me
Yes, Telnet is VERY bad, ssh should be used instead when possible. I have done as you have in disabling ftp, as it is just as bad as telnet. I have people either use scp or sftp.
As long as no one is logging on.
Telnet passes both username AND password in the clear. These days, this is just asking to get your users hacked.
Absolutely! ftp sucks as bad as telnet for security. It can be useful as an anonymous fileserver (in that it is a more efficient protocol for serving files than http), but beyond that, it shouldn't be used unless there is no other option.
Besides scp is so much more flexible! Want to move a file from A, to B, while you are logged into C...
scp a:file.txt b:.
scp rocks lots more than ftp :-)
IIRC, some of the earliest 'hacks' were merely brute-force telnet login cracking. Telnet daemon has always been a no-no.
Gaaaaaa!
The word is "than", people! THAN!
There, I feel better now. :-)
The only time I ever telnet anymore is to watch Star Wars in ASCII animation. telnet://towel.blinkenlights.nl
LOL. I can relate.
Dude, that's like, so demented!
I wonder how big the file is.
How is that any worse than logging into a non-https: web site?
Not much worse. Problem is, a telnet login is going to give you a shell prompt. Getting shell access is more than half the battle to any hacker, because there are so many programs out there that are vulnerable to local exploits. Sites that may be pretty proactive on processes that listen on sockets are often less proactive about many local programs. This is really not a good idea, as most hacking is done by insiders, but it is more common than you might think.
What sort of shell prompt do you get with telnet:bbsmates.com or any of the other telnet-BBSs out there? I would think that while such sites aren't a lot better than non-https: password-protected sites, they at least divvy the password among different packets in such a way that one can't simply look for packets containing a string like "&password=foobar".
Interesting...
though otoh, the first thing we learned at school when we have to connect into the Unix servers is Thou Shalt Not Use Telnet. For it is unholy.
"Disable them. Destroy them. Drive them before you and hear the lamentations of their women!"
Good point...
That is crazy...
...but interesting.
(even though I'm stuck on a terminal with Slax Frodo, I can still telnet and SSH).
BTW, as an experiment, I managed to program a stateless telnet server on a DSP. It doesn't do much (it echoes back what's sent to it, with a few character translations that show what other processing the DSP is doing) but what's interesting about it is that the DSP neither knows nor cares how many devices are connected to it. Ever seen anything like that?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.