Date: Sun, 11 Mar 2007 09:43:41 +0000 From: "Christian Walther" <cptsalek@gmail.com> To: "Wojciech Puchar" <wojtek@tensor.gdynia.pl> Cc: freebsd-questions@freebsd.org Subject: Re: root login with telnetd Message-ID: <14989d6e0703110143i53b3d0bfh65d0e4092993e82e@mail.gmail.com> In-Reply-To: <20070311081332.G66000@chylonia.3miasto.net> References: <20070310224946.K10353@chylonia.3miasto.net> <200703101338.22384.beech@alaskaparadise.com> <20070311081332.G66000@chylonia.3miasto.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/03/07, Wojciech Puchar <wojtek@tensor.gdynia.pl> wrote: > >> > >> with sshd and rshd it can be set, with telnetd - no success. > > > > That is a REALLY BAD idea. Why don't you just publish your address and > > set the root password to nothing. It's only going to take a cracker a > > couple of minutes or less to own your server once they find you (and > > they will). > > another stupid one not answering the question. > > could you describe how you get my password in a couple of minutes if you > are so intelligent? Oh, it's really simple: *If* the machine you're trying to configure root access via telnet is connected to the internet - in other terms the telnet port on the machine is accessible from the internet - one can actually brute force his/her way in. And in days of broadband connection several hundred different passwords can be guessed in a matter of seconds. There are tools like "john" that can do a bruteforce or dictionary attacks against password files, but there are similar tools that can do this over the network. To answer the question who should be able to snort you: Some script kiddies who don't understand what's actually going on, but who want to have some fun. This is why you've been told that configuring root access via telnet is a bad idea, just as any other here on this list is being told that it is a bad to configure root login via ssh - for the very same reason. And people asked you for your IP so that they could take care of your host. Since we can't know the IP adress of your host we had to ask. ;) But people who want to crack other machines don't need specific IP adress, they just scan entire networks. As most list members can tell you there are constant attacks against open ssh ports are going on. So this isn't stupidity really.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14989d6e0703110143i53b3d0bfh65d0e4092993e82e>