From owner-freebsd-security Mon May 6 14: 3:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from borja.sarenet.es (borja.sarenet.es [192.148.167.77]) by hub.freebsd.org (Postfix) with ESMTP id 7CF0A37B430 for ; Mon, 6 May 2002 14:03:12 -0700 (PDT) Received: from there (localhost [127.0.0.1]) by borja.sarenet.es (8.12.3/8.12.3) with SMTP id g46L39R3024026; Mon, 6 May 2002 23:03:10 +0200 (CEST) (envelope-from borjamar@sarenet.es) Message-Id: <200205062103.g46L39R3024026@borja.sarenet.es> Content-Type: text/plain; charset="iso-8859-1" From: Borja Marcos To: solarflux@ziplip.com Subject: Re: Telnet Exploit Date: Mon, 6 May 2002 23:03:09 +0200 X-Mailer: KMail [version 1.3.2] References: <135YGUD5H2YCVJ3JLY3L2CMBQCXYNOQCEADYX2T5@ziplip.com> In-Reply-To: <135YGUD5H2YCVJ3JLY3L2CMBQCXYNOQCEADYX2T5@ziplip.com> Cc: security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Monday 06 May 2002 21:37, you wrote: > Why in the world are you using telnetd anyhow? You should be using SSH= D > and never telnetd. Telnetd should be 'forbidden'... =09Why? Do you think ssh is more secure? It may not be. Just think about = the=20 complexity of ssh. It has been hit by a bug in zlib, for example. Or has = zlib=20 had an audit as strict as ssh? =09Telnet has its problems, but we should not say that ssh is "more secur= e"=20 acritically. It is obvious that it has advantages, however. =09Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message