Full Disclosure mailing list archives

Re: Re: Re: open telnet port


From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 09 Sep 2004 14:15:06 +0100

On Thu, 2004-09-09 at 14:28, ktabic wrote:
> How about, as a service to enable as you are updating SSH remotely from
> the other side of the country to fix the most recent security
> problem and need a backup system to get into the server in the event
> that something goes wrong?
>
> ktabic

In that case I'd do one of the following,

1. Run a separate instance of ssh on another port and keep an active
connection.

2. Run any other encrypted access method.

3. Call my data centre to help me out, since that's what I pay them for.

Telnet should not be used as a last resort, it should only be used as
the _only_ resort, by that I mean embedded devices not capable of
anything other than telnet. Although anyone with security in mind
wouldn't purchase a device of this type.

This is the second post recommending telnet as a backup access method.
So you guys are telling us.....

"People are sniffing your passwords, use SSL!!!! but if you want plain
text just use it, they don't sniff your passwords when you are doing
emergency repairs" 
_slightly_ paraphrased obviously. 

Do you guys honestly believe the things you say?

Set your systems up properly with a backup login method if you need it,
but don't run it until you are doing something that might make it
necessary and ENCRYPT it. Laziness on the part of the admin is a major
contributing factor to most security incidents. Using telnet has only
been justified by the fact that you are too lazy to set up a proper
alternate access method.

On my server if I break the firewall rules or in some other way prevent
myself getting remote access (including halting the machine), I have an
alternate login method which I can access over ssh giving me access to
the machine's local terminals, provided by my data centre. That's because
the people employed in the data centre are not lazy admins and know what
they are doing.
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
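
The approach described in the message above (a second, encrypted login path that is started only for the risky change and stopped afterwards), as an added example that is not part of the original post. It assumes OpenSSH `sshd`; port 2222, the directory argument and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: temporary fallback sshd for the duration of a remote upgrade.
# Usage (as root):  start_fallback /var/run/sshd-fallback 2222
#                   ...log in on port 2222, keep that session open, upgrade...
#                   stop_fallback /var/run/sshd-fallback
# The port and directory are assumptions; pick values that fit your host.

# Write a minimal config for the second instance: its own port and pid file,
# and key-only logins so no reusable secret is typed over the link.
write_fallback_config() {
    dir="$1"; port="$2"
    mkdir -p "$dir" || return 1
    cat > "$dir/sshd_config" <<EOF
Port $port
PidFile $dir/sshd.pid
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

# Validate the config, then start the second daemon alongside the main one.
start_fallback() {
    dir="$1"; port="$2"
    # sshd must be invoked by absolute path; command -v returns one.
    sshd_bin=$(command -v sshd) || { echo "sshd not found" >&2; return 1; }
    write_fallback_config "$dir" "$port" || return 1
    "$sshd_bin" -t -f "$dir/sshd_config" || return 1   # syntax/key check only
    "$sshd_bin" -f "$dir/sshd_config"
}

# Stop the fallback once the main sshd is confirmed working again,
# so the extra listener does not stay exposed.
stop_fallback() {
    dir="$1"
    [ -f "$dir/sshd.pid" ] || return 0     # not running: nothing to do
    kill "$(cat "$dir/sshd.pid")" && rm -f "$dir/sshd.pid"
}
```

`ChallengeResponseAuthentication` is the older spelling of `KbdInteractiveAuthentication`; current OpenSSH accepts it as an alias, which keeps the file valid on both old and new servers. The firewall must also allow the fallback port for the same window.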
