lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: kenneth.d.ng at gmail.com (Kenneth Ng)
Subject: Re: Re: open telnet port

You really should not need this as the norm.  I do this when I'm
working on the ssh daemons, but thats about the only time.  What I do
is I enable it on a screwball port number, then use tcp wrappers to
only allow access from my ip address and change the root password
before I begin.  In that way the opening is there while I may need it,
and if I use the temporary root password, it won't do them much good
unless they compromise the host I'm coming from.  Afterwards I disable
the service and change the root password back.

If you need this on as the norm, please at least use TCP wrappers to
limit  from where it can be accessed, and change any used passwords
immediately after reestablishing control.


On Thu, 09 Sep 2004 13:17:00 +0200, Kim B. Nielsen <kbn@...mi.au.dk> wrote:
> A reasonable use for telnet is when the ssh deamon goes down, or isn't
> started on bootup because of some configuration error...
> 
> Yes, I know it isn't secure, but sometimes it can be the last resort...
> 
> /kbn
> 
> 
> 
> Dave Ewart wrote:
> 
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >On Thursday, 09.09.2004 at 08:13 +0200, list@...og.org wrote:
> >
> >
> >
> >>Steve Kudlak wrote:
> >>
> >>
> >>>I'll ask my friend what he does as the "just don't do x"  or just get
> >>>rid of   x  never seems like a good idea.  If you try to connect with
> >>>telnet rather than ssh to that box it just doesn't go through.
> >>>
> >>>
> >>getting rid of telnetd is almost always a very good idea.
> >>
> >>
> >
> >Quite so, as I suggested.
> >
> >Are there even any legitimate uses for running a telnet daemon any more?
> >(That is a genuine question - as far as I can see, SSH is always a
> >perfect replacement).
> >
> >Dave.
> >- --
> >Dave Ewart
> >Dave.Ewart@...cer.org.uk
> >Computing Manager, Epidemiology Unit, Oxford
> >Cancer Research UK
> >PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.2.4 (GNU/Linux)
> >
> >iD8DBQFBQBL8bpQs/WlN43ARAr0TAJ9N340MHUdsbQV3iiW2rD4sXWNjEwCg4/wm
> >yh0Fe7/G58Dgu+pKoSJAtGM=
> >=hCDd
> >-----END PGP SIGNATURE-----
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> 
> --
> "UNIX is user friendly, it's just selective about who its friends are."
>   --Unknown
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ