Bugtraq mailing list archives

Re: RH Linux telnet problems

From: rubini () PROSA IT (Alessandro Rubini)
Date: Thu, 15 Apr 1999 20:32:10 +0200


About preventing telnet as root:

It should issue a error and not ask
for the password, since otherwise it's defeating the whole purpose
of denying root telnet access. The purpose, of course, it's
preventing the raw transmission over the communication media.


The purpose, of course, is preventing "anonymous" root access.  Since
root is is often shared by several people, it's important to know who
is root at a certain time (it may also be a very primitive security
measure over cracker access, but too primitive to be really
successful, imho).

If you want to prevent raw trasmission of passwords, you should
disable telnet and rlogin altogether.

/alessandro

Current thread:

Re: RH Linux telnet problems James, Samuel P (Apr 15)
- <Possible follow-ups>
- Re: RH Linux telnet problems Alessandro Rubini (Apr 15)
- Re: RH Linux telnet problems Dalvenjah FoxFire (Apr 15)
- Re: RH Linux telnet problems Jamie Lawrence (Apr 15)
- Re: RH Linux telnet problems John D. Hardin (Apr 15)