Date: Sun, 11 Mar 2007 00:03:30 -0900 From: Beech Rintoul <beech@alaskaparadise.com> To: freebsd-questions@freebsd.org Cc: Wojciech Puchar <wojtek@tensor.gdynia.pl> Subject: Re: root login with telnetd Message-ID: <200703110003.32974.beech@alaskaparadise.com> In-Reply-To: <20070311081332.G66000@chylonia.3miasto.net> References: <20070310224946.K10353@chylonia.3miasto.net> <200703101338.22384.beech@alaskaparadise.com> <20070311081332.G66000@chylonia.3miasto.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 10 March 2007 22:14, Wojciech Puchar said: > >> with sshd and rshd it can be set, with telnetd - no success. > > > > That is a REALLY BAD idea. Why don't you just publish your > > address and set the root password to nothing. It's only going to > > take a cracker a couple of minutes or less to own your server > > once they find you (and they will). > > another stupid one not answering the question. > > could you describe how you get my password in a couple of minutes > if you are so intelligent? There are and have been many known exploits through telnet. The most recent one a couple of weeks ago affects SunOS where you can, using telnet, get root privileges without even logging in as root. Telnet does everything in clear text including passwords. All that's needed is to get in and install some network sniffing and the first time root logs in they would have the password. For a valid normal user on the LAN, it would be even easier. If you're looking for ease of login look into ssh and keys, that way you don't even need a password. Details are in the handbook. Even works from windows. I don't know anyone that still uses telnet except for testing on a totally closed network. An ISP I worked for disabled it and firewalled the port more than five years ago. Beech -- --------------------------------------------------------------------------------------- Beech Rintoul - Port Maintainer - beech@alaskaparadise.com /"\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.freebsd.org/releases/6.2R/announce.html ---------------------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703110003.32974.beech>