From owner-freebsd-questions Wed Oct 29 12:54:01 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA13376 for questions-outgoing; Wed, 29 Oct 1997 12:54:01 -0800 (PST) (envelope-from owner-freebsd-questions) Received: from tap.system.ca (freelove.globalserve.net [209.90.128.204]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA13363 for ; Wed, 29 Oct 1997 12:53:52 -0800 (PST) (envelope-from pjp@tap.system.ca) Received: from localhost (pjp@localhost) by tap.system.ca (8.8.7/8.8.5) with SMTP id PAA02748; Wed, 29 Oct 1997 15:56:46 -0500 (EST) Date: Wed, 29 Oct 1997 15:56:45 -0500 (EST) From: Peter Philipp To: Dean cc: ringlord@bbs.dcoisp.net, freebsd-questions@FreeBSD.ORG Subject: Re: login as root remotely not possible? In-Reply-To: <3.0.1.32.19971029090752.006a3fdc@mail.thegrid.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > >Another reason this is a bad idea is that if someone does a dictionary > >attack on your telnet login root cannot be compromised. > > How would one gain access this way? > Dean Say your telnetd is not using tcp wrappers. And ttyp? is secure,as stated in /etc/ttys. Someone (who has a fast connection) and is really desperate to get into a system may run a program that tries to login as root and at every Password: tries a different passwd taken from a dictionary or a brute force method. Of course this is a lengthy process and if the root passwd is fairly good chances are slim. A administrator would probly catch a would-be hacker just by reading the syslogs. But imagine the administrator doesn't or goes on a 2 week vacation and the replacement doesn't read syslogs. Also if the box is a sort of forgotten ugly duckling on a network and noone even used in in months, and syslogs aren't forwarded anywhere. This is a _what if_ situation but the reality is that some people would do such a attack. Peter