From owner-freebsd-security  Mon Nov 22  6:58:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 81327158C0
	for <freebsd-security@FreeBSD.ORG>; Mon, 22 Nov 1999 06:58:21 -0800 (PST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id JAA84314;
	Mon, 22 Nov 1999 09:58:10 -0500 (EST)
	(envelope-from wollman)
Date: Mon, 22 Nov 1999 09:58:10 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199911221458.JAA84314@khavrinen.lcs.mit.edu>
To: Jonathan Chen <jon@spock.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
In-Reply-To: <D7CF1878D2GZ7J8373.A44257A9835@msidl.d0.localhost>
References: <Pine.BSF.4.21.9911211832330.19746-100000@isr4033.urh.uiuc.edu>
	<NCBBILEECKNKMONCIAIOKECJCDAA.freebsd@gtonet.net>
	<D7CF1878D2GZ7J8373.A44257A9835@msidl.d0.localhost>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Mon, 22 Nov 1999 00:47:35 -0500, Jonathan Chen <jon@spock.org> said:

> 3) People who have no need to use ftpd (or telnetd) does not use
>    ftpd/telnetd.  Thus, cleartext password is never transmitted over these
>    protocols.

Even people who do use ftp/telnet can do so securely if they install
authentication.  (Hint: `telnetd -a user'.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message