RE: Re: Re: open telnet port

["Todd Towles" <toddtowles () brookshires com>]

If you are going to leave telnet open, why would a attacker even mess
with SSH? I would have to agree with the other guys, having a person
there at the remote site (I am sure you have someone) fix the issue. Or
find another encrypted method. 
 
Even on a internal network, I would be against using it full-time.
Unless you trust every person on your internal network? I mean security
breakin don't come from the inside right? ;) lol


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Dries
Robberechts
Sent: Thursday, September 09, 2004 8:05 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Re: Re: open telnet port

I disagree, when running telnetd, people will use it and hence create a
security flaw. Moreover, you would use it yourself with the very
intention of becoming root and starting a secure daemon, which in my
opinion can do lot more harm than good.

Even on a (virtual) private network I would try to avoid it whenever
possible, but using it on a public network as a backup I wouldn't even
consider.


Dries.

> A reasonable use for telnet is when the ssh deamon goes down, or isn't

> started on bootup because of some configuration error...
>
> Yes, I know it isn't secure, but sometimes it can be the last
resort...


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html