Full Disclosure mailing list archives
Re: new ssh exploit?
From: Cael Abal <lists () onryou com>
Date: Wed, 17 Sep 2003 10:44:00 -0400
SSH over VPN ? whould this be more secure or Telnet ( no i dont use this ) over VPN
Good morning Aditya,Although I can't find any sources other than this at the moment, it's commonly understood that a significant number of malicious behaviour originates within an organization's internal network -- that is, your users are the bad guys. The article referenced below says 35%, but I have no idea where they got that number.
http://lists.insecure.org/lists/isn/2000/Jan/0011.htmlThat being the case, consider that VPNs only protect you across the public (untrusted) network. Once you hit your internal (untrusted) network, telnet sessions would be in the clear.
take care, Cael _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new ssh exploit? christopher neitzert (Sep 15)
- Re: new ssh exploit? security snot (Sep 15)
- Re: new ssh exploit? phlox (Sep 15)
- Re: new ssh exploit? Andreas Gietl (Sep 16)
- Re: new ssh exploit? Florian Weimer (Sep 16)
- Re: new ssh exploit? Michael 'Moose' Dinn (Sep 16)
- RE: new ssh exploit? Aditya (Sep 17)
- Re: new ssh exploit? Cael Abal (Sep 17)
- Re: new ssh exploit? Andreas Gietl (Sep 16)
- Re: new ssh exploit? Adam Shostack (Sep 15)
- Re: new ssh exploit? Justin Kreger (Sep 15)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Jonathan A. Zdziarski (Sep 16)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Ron DuFresne (Sep 16)