Date:      Sat, 18 Aug 2001 00:51:32 -0400 (EDT)
From:      Mikhail Kruk <meshko@polkan2.dyndns.org>
To:        Laurence Berland <stuyman@confusion.net>
Cc:        "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>, <freebsd-security@FreeBSD.ORG>
Subject:   RE: Silly crackers... NT is for kids...
Message-ID:  <Pine.BSF.4.33.0108180041390.92972-100000@localhost>
In-Reply-To: <Pine.NEB.3.96.1010817065036.17482A-100000@euphoria.confusion.net>

In a corporate environment (as it was mentioned here before) telnet is
useful. Users of Unix boxes in big companies tend to be programmers, not
system administrators and hackers. The best environment for development is
when any service is enabled and all users have blank passwords so that
anyone can use anyone's machine.
But of course disabling telnet for accessing from the outside world is a
problem because people do want to use start, run, telnet, not some
weird ssh program.
But there exists a way to make people stop using telnet. First of all tell
them about ssh clients. PuTTY is absolutely the best for Win32:
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Install the MindTerm applet on your server so that people will be able to
access it without any downloads.
And finally set up your telnetd so that it will print a message saying
"telnet is insecure. please use ssh" etc. It will display this message,
sleep for 60 seconds and then run normal telnetd. Most people will just
sit there and wait for 60 seconds, then use telnet. After one or two months
of this torture disable telnetd for good (keep the message, but don't run
telnetd). People will download ssh and think "Thank God, I don't have to
wait for 60 seconds now! I love that SSH thing!"
That's what our sysadmin did (shell server used by some 4000 undergrads)
and it worked.

On Fri, 17 Aug 2001, Laurence Berland wrote:

> In a corporate environment, telnet should be long dead.  Unfortunately,
> when your user base is the various and random members of a program at a
> University, it's not so easy.  I took telnet down on a Linux server until
> I had a patch.  It was down for three days.  My replies to their emails
> included a free ssh client for windows, but alas, start->run->"telnet" is
> what they want to do, and taking telnet down only makes them mad.
>
> L:
>
> On Fri, 17 Aug 2001, Carroll, D. (Danny) wrote:
>
> > Agreed
> > As far as I am concerned, anything less than SSH is asking for trouble.
> >
> > -----Original Message-----
> > From: Mikhail Aronov [mailto:aronov@parkline.ru]
> > Sent: Friday, August 17, 2001 12:54 PM
> > To: freebsd-security@FreeBSD.ORG
> > Subject: Re: Silly crackers... NT is for kids...
> >
> >
> > On Aug 17, 2001, Roger Chien wrote:
> >
> > >Don't you know that the effect of Code Red infected machine?
> > >Most of them are innocent.
> > >
> > >BTW, your FreeBSD isn't absolutely secure, apply telnet-AYT patch
> > >already?
> > I was sure telnet died about 20 years ago together with passwordless
> > logins etc. Unencrypted session == broadcast session, isn't it?
> >
> >               Mikhail Aronov
> >              aronov@parkline.ru
> > -----------------------------------------------------------------
> > ATTENTION:
> > The information in this electronic mail message is private and
> > confidential, and only intended for the addressee. Should you
> > receive this message by mistake, you are hereby notified that
> > any disclosure, reproduction, distribution or use of this
> > message is strictly prohibited. Please inform the sender by
> > reply transmission and delete the message without copying or
> > opening it.
> >
> > Messages and attachments are scanned for all viruses known.
> > If this message contains password-protected attachments, the
> > files have NOT been scanned for viruses by the ING mail domain.
> > Always scan attachments before opening them.
> > -----------------------------------------------------------------
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
> Laurence Berland
> http://www.isp.northwestern.edu
>
>
>
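
The two-phase telnetd wrapper described in the message above, written as a script that inetd starts in place of telnetd. This is an added example, not part of the original message or the sysadmin's actual setup; the install path, the flag file `/etc/telnet-nag.off` and the `telnetd` location are assumptions.

```sh
#!/bin/sh
# telnet-nag: inetd starts this instead of telnetd (constructed example).
# inetd.conf entry, assuming the script is installed at this hypothetical path:
#   telnet stream tcp nowait root /usr/local/libexec/telnet-nag telnet-nag

TELNETD=${TELNETD:-/usr/libexec/telnetd}    # real daemon; path is an assumption
DELAY=${DELAY:-60}                          # the 60-second wait from the message
OFF_FLAG=${OFF_FLAG:-/etc/telnet-nag.off}   # hypothetical flag file: phase 2 when present

# Print the notice plus one extra line; telnet clients expect CRLF line endings.
banner() {
    printf '%s\r\n' \
        'telnet is insecure. please use ssh' \
        "$1"
}

# Phase 1 ("delay") until the flag file exists, phase 2 ("off") afterwards.
phase() {
    if [ -e "$OFF_FLAG" ]; then echo off; else echo delay; fi
}

main() {
    case "$(phase)" in
    off)
        # Keep the message, but never start telnetd.
        banner 'telnet access to this host has been turned off.'
        sleep 2    # let the client display the text before the socket closes
        exit 0
        ;;
    delay)
        banner "telnet login will start in $DELAY seconds."
        sleep "$DELAY"
        # Hand the connection (stdin/stdout from inetd) to the real daemon.
        exec "$TELNETD" "$@"
        ;;
    esac
}

# Run only when installed under its own name, so the functions can be
# sourced and checked without starting a session.
case "${0##*/}" in
telnet-nag*) main "$@" ;;
esac
```

Creating the flag file (`touch /etc/telnet-nag.off`) moves every new connection from the delay phase to the message-only phase without editing inetd.conf.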

