Re: Re: Re: Re: open telnet port

["Gary E. Miller" <gem () rellim com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Andrew!

On Fri, 10 Sep 2004, Andrew Farmer wrote:

> Still don't know why you'd use these instead of ssh/sftp, though.

As noted here earlier, if you update OpenSSL you stand a good chance
of dropping ALL your ssh conections until you install a matching
ssh update.  Most sshd will not start if the openssl libs on the
disk are not the same exact version it was compiled with.

When I am updateing hosts hundreds or thousands of miles away in
an unattended facility I can not take chances on a fatal mistake
during an update.  A backdoor telnet has saved my butt many times.

Also seen cases where a trojaned sshd was installed on the target
machine, but it would not run due to configuration issues.  Having
a backdoor telnet means the system is back up in 5 minutes of
remote twiddling instead of dispatching someone to a remote co-lo.

Gotta keep the single points of failure to a minimum.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBQp5/8KZibdeR3qURAsJkAJ9GkiouGrOaOZGdVV3IWZGHWZwisQCfYWKw
Y2AkZ5AhztSUzO5D8j4cUAM=
=OrJe
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html