| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles) Subject: Re: Re: open telnet port If you are going to leave telnet open, why would a attacker even mess with SSH? I would have to agree with the other guys, having a person there at the remote site (I am sure you have someone) fix the issue. Or find another encrypted method. Even on a internal network, I would be against using it full-time. Unless you trust every person on your internal network? I mean security breakin don't come from the inside right? ;) lol -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Dries Robberechts Sent: Thursday, September 09, 2004 8:05 AM To: full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] Re: Re: open telnet port I disagree, when running telnetd, people will use it and hence create a security flaw. Moreover, you would use it yourself with the very intention of becoming root and starting a secure daemon, which in my opinion can do lot more harm than good. Even on a (virtual) private network I would try to avoid it whenever possible, but using it on a public network as a backup I wouldn't even consider. Dries. > A reasonable use for telnet is when the ssh deamon goes down, or isn't > started on bootup because of some configuration error... > > Yes, I know it isn't secure, but sometimes it can be the last resort... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists