Date: Thu, 17 Jan 2002 14:07:02 -0500 (EST) From: Mike Dresser <mdresser_b@windsormachine.com> To: Jim Flowers <jflowers@cantoncommerce.com> Cc: Andrew Houghton <aah@acm.org>, <freebsd-isp@FreeBSD.ORG> Subject: Re: How to secure telnet? Message-ID: <Pine.LNX.4.33.0201171400410.22240-100000@router.windsormachine.com> In-Reply-To: <200201171849.g0HInAV01755@lily.ezo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 17 Jan 2002, Jim Flowers wrote: > set up a sacrificial host and allow only telnet through your firewall to it. > Allow only ssh -2 from it to your server that has the shell accounts and > firewall out access from it to any of your other machines. Optionally > include a portsentry scanner and keep an eye on the logs. One problem is if you're using telnet and then ssh, and type your passphrase or password in, if someone is sniffing the line at this point they now have access to the shell server using your account. Additionally, I haven't seen anyone touch on the fact the machine the user connects from may be compromised already, giving an attacker your passwords/passphrases/email to your loved ones from a keylogger or similar. Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0201171400410.22240-100000>