Date:      Wed, 15 Aug 2001 14:44:53 +0930
From:      Greg Lehey <>
To:        Ted Mittelstaedt <>
Cc:        Ryan Thompson <>, William Nunn <>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Remotely Exploitable telnetd bug
Message-ID:  <>
In-Reply-To: <000201c12547$807d8520$>; from on Tue, Aug 14, 2001 at 10:02:37PM -0700
References:  <> <000201c12547$807d8520$>

On Tuesday, 14 August 2001 at 22:02:37 -0700, Ted Mittelstaedt wrote:
>> -----Original Message-----
>> From: owner-freebsd-questions@FreeBSD.ORG
>> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Greg Lehey
>> The best alternative is: don't use telnet.  Even with this fix, the
>> protocol is inherently insecure.
> At the risk of starting a flame war, it's not the Telnet protocol that's
> insecure, it's the entire TCP/IP protocol - if, that is, you define insecure as
> sending passwords in cleartext.

I don't understand this.  TCP and IP don't have the concept of a

>  FTP, POP3 and many other commonly used TCP/IP protocols are
> inherently insecure using this definition.

Definitely.  In fact, POP is quite a problem because I don't know of
any well-known secure alternative.  But those are the individual
protocols, not TCP and IP.  ssh runs over TCP and IP as well, but it's
secure, at least by this definition.

> But, a SSH client is worthless if it's run on a system that is full
> of holes and has been compromised.

This applies to all security systems, of course.

> Simple solutions like "don't use Telnet" are nothing more than a
> start, they are not the answer.


See complete headers for address and phone numbers
