Date: Fri, 4 Aug 2000 17:01:07 +1000 (EST) From: Sleepless in Brisbane <snowy@snowy.org> To: David Fuchs <dfuchs@uniserve.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Telnet Encryption Message-ID: <Pine.BSF.4.21.0008041658090.31742-100000@snowy.org> In-Reply-To: <001001bffde0$7e1a07c0$0201a8c0@beastie.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Aug 2000, David Fuchs wrote: > I've been told that I can reveal the passwords of my users by sniffing port > 23. I've tried this, but it doesn't seem to work, all I can see is the > user's username. In this case, is security a concern with telnet? Why go to > the extra trouble of SSH when telnet *seems* safe in the first place? The > only way I've been able to retrieve passwords is by sniffing ports 110 and > 143, but I'm a little more concerned with the telnet accounts. Any ideas on > this? If you are snooping using something like ttysnoop or such then yes you will not see the actual password on the screen. However it will still be quite viewable to anyone with network packet sniffer (have a look at Ethereal sometime and be amazed). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008041658090.31742-100000>