Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Re: open telnet port

From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Thu, 09 Sep 2004 14:12:47 -0400
Dave Ewart wrote:




Quite so, as I suggested.

Are there even any legitimate uses for running a telnet daemon any more?
(That is a genuine question - as far as I can see, SSH is always a
perfect replacement).
Sure - a situation where a system needs a low-bandwidth/low CPU-use shell-based communication protocol and sniffing is not an issue for whatever reason.
I agree -- SSHd over telnetd anyday. However, you asked for a genuine scenario where telnetd could be legitimately used and they do exist. I'm not saying that it's the greatest security ever, but encryption != security, but it can be used as part of a plan to secure a network in the right circumstances (most circumstances). What security tools one uses depends on what the situation is.
SSHd doesn't come with a 0-cost basis. It's relatively low cost, but there are circumstances where resources may not be available enough to justify it's use in that situation. 

            -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: