Full Disclosure mailing list archives
Re: Re: Re: open telnet port
From: Andrew Haninger <ahaning () gmail com>
Date: Thu, 9 Sep 2004 11:56:19 -0400
So the solution to not run a backup telnet server for updating SSH is to run a second, known insecure version of sshd on a different port, presuming of course, that you are allowed to run said sshd on said high port in the first place.
Sorry, that was stupid of me. First build the new sshd and start it on a high port. If you're supposed to have enough access to update sshd, you should have access enough to run something on a high port.
Which results in something that sounds a bit like security by obscurity, which is bad.
True. Much worse than logging in over telnet would be to run a temporary sshd on a high port. Wait...
You end up presuming that potential attacker cannot do his thing because you are using ssh on an oddball port.
I did not suggest running it there for a long time but rather just enough time to allow you to update your system. You're presuming that your attacker is presuming that you're smart and not using clear-text protocols to administer your server.
Oh, and not everyone is root for all parts of the network they may be administrating.
True. That's why you're the admin and why you're updating sshd. You have root. -Andy _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: Re: open telnet port, (continued)
- Re: Re: Re: open telnet port Kim B. Nielsen (Sep 09)
- Re: Re: Re: open telnet port Kenneth Ng (Sep 09)
- Re: Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port ktabic (Sep 09)
- Re: Re: Re: open telnet port Barrie Dempster (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port Gary E. Miller (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port ktabic (Sep 09)
- Re: Re: Re: open telnet port Andrew Haninger (Sep 09)
- Re: Re: Re: open telnet port Valdis . Kletnieks (Sep 09)
- Re: Re: Re: open telnet port Paul W. Roach III (Sep 09)
- Re: Re: Re: open telnet port Andrew Farmer (Sep 09)
- Re: Re: Re: open telnet port Kenneth Ng (Sep 09)
- Re: Re: Re: open telnet port Volker Tanger (Sep 09)
- Re: Re: Re: open telnet port Dave Ewart (Sep 09)
- Re: Re: Re: Re: open telnet port ktabic (Sep 10)
- Re: Re: Re: Re: open telnet port Andrew Farmer (Sep 10)
- Re: Re: Re: Re: open telnet port Gary E. Miller (Sep 10)
- Re: Re: Re: Re: open telnet port Andrew Farmer (Sep 10)