Security Basics mailing list archives
Re: Cisco Telnet Service
From: Matthew Caron <Matt.Caron () sixnet com>
Date: Thu, 27 Jan 2011 15:52:25 -0500
On 01/27/2011 11:17 AM, Richard Robins wrote:
I agree with what you are saying but that would require span to pass traffic from one port to another to be sniffed.
Not necessarily. Theoretically, one can drop a tap inline downstream of your workstation - say a modded WRT54G or similar. Have it establish a persistent tunnel via a variety of typically-allowed egress methods (ssh, OpenVPN, heck, even a series of https puts) to mirror your traffic out.
Alternatively, if you're silly enough to be doing this over wireless, then I already have the traffic, which may or may not be encrypted.
Is getting this traffic hard? Sure. Is it impossible? Nope. Does using ssh make you any worse off? No. So, why not use SSH just in case?
Oh, and as an aside - you can radically cut down on people trying to brute-force passwords if you turn off password authentication via SSH. I only use public-key authentication wherever possible these days, for exactly that reason.
This is especially apropos since this article hit /. today: http://it.slashdot.org/story/11/01/27/1334224/Hackers-Bringing-Telnet-Back -- Matthew Caron Build Engineer Sixnet | www.sixnet.com O +1 518 877 5173 Ext. 138 F +1 518 602 9209 matt.caron () sixnet com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Cisco Telnet Service Muhammad Hafiz Rafek (Jan 24)
- Re: Cisco Telnet Service Muhammad Hafiz Rafek (Jan 24)
- Re: Cisco Telnet Service Adrian J Milanoski (Jan 24)
- Re: Cisco Telnet Service Israel Junior (Jan 24)
- RE: Cisco Telnet Service Dan Tesch (Jan 25)
- Re: Cisco Telnet Service Richard Robins (Jan 26)
- Re: Cisco Telnet Service Matthew Caron (Jan 27)
- RE: Cisco Telnet Service Richard Robins (Jan 27)
- Re: Cisco Telnet Service Matthew Caron (Jan 27)
- Re: Cisco Telnet Service Dan Anderson (Jan 27)
- Re: Cisco Telnet Service Muhammad Hafiz Rafek (Jan 24)
- Re: Cisco Telnet Service bart knippenberg (Jan 27)
- Re: Cisco Telnet Service Muhammad Hafiz Rafek (Jan 25)
- RE: Cisco Telnet Service RRoberts (Jan 26)