nanog mailing list archives
Re: Kind of sad
From: Javier J <javier () advancedmachines us>
Date: Tue, 11 Nov 2014 06:07:25 -0500
Found it. telnet://route-server.he.net On Nov 11, 2014 6:05 AM, "Javier J" <javier () advancedmachines us> wrote:
I agree with you 100 percent. But my point is. Telnet in and of itself isn't broken. Not that I would want to leave it open to the world. He.net has a router you can log into over telnet with no auth. Forgot URL but you can find it on their site. On Nov 11, 2014 4:05 AM, "Karl Auer" <kauer () biplane com au> wrote:On Tue, 2014-11-11 at 03:32 -0500, Javier J wrote:Is there a vulnerability in telnet to be exploited? If not it might beonpurpose. I know of switching gear that is publicly accessible viatelnet. telnet does not of itself encrypt anything. If you log in somewhere via telnet, everything that passes between you and the remote end is passing in clear text. That is true for all data sent to you or from you during the whole session, but especially for the username and password you may have used to log in with. Unless you have secured the channel by some other means (an encrypted tunnel, for example) or you own and control and can vouch for every piece of the infrastructure between you and the remote end, using telnet is just about the most insecure thing you can do short of mailing stuff to yourself on postcards. Someone who puts a real switch doing real work on the Internet with working telnet access is asking to have at least the switch compromised very quickly. A plaything, a honeypot, or a teaching tool - maybe. Anything else, probably a bad idea. Remember that if I own your switch, I own all the data sent to or from any system connected to that switch... Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer () biplane com au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882 Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Current thread:
- Re: Kind of sad, (continued)
- Re: Kind of sad Brian Henson (Nov 10)
- Re: Kind of sad Mike Hale (Nov 10)
- Re: Kind of sad Aaron C. de Bruyn (Nov 10)
- Re: Kind of sad Miles Fidelman (Nov 10)
- Re: Kind of sad Eugeniu Patrascu (Nov 11)
- Re: Kind of sad Mike Hale (Nov 10)
- Re: Kind of sad Joe (Nov 10)
- Re: Kind of sad Jason Hellenthal (Nov 10)
- Re: Kind of sad Javier J (Nov 11)
- Re: Kind of sad Karl Auer (Nov 11)
- Re: Kind of sad Javier J (Nov 11)
- Re: Kind of sad Javier J (Nov 11)
- Re: Kind of sad Ariel Biener (Nov 11)
- Re: Kind of sad Brian Henson (Nov 10)
- Re: Kind of sad Michael Thomas (Nov 11)
- Re: Kind of sad Ariel Biener (Nov 11)
- Re: Kind of sad Karl Auer (Nov 11)
- Re: Kind of sad Ricky Beam (Nov 11)
- Message not available
- Re: Kind of sad Larry Sheldon (Nov 11)
- Re: Kind of sad Sholes, Joshua (Nov 12)
- Re: Kind of sad Justin M. Streiner (Nov 12)