From owner-freebsd-questions Thu Aug 3 23:49:58 2000 Delivered-To: freebsd-questions@freebsd.org Received: from matiple.beastie.net (cr13646-a.lngly1.bc.wave.home.com [24.113.138.52]) by hub.freebsd.org (Postfix) with ESMTP id ACA7737B76F for ; Thu, 3 Aug 2000 23:49:56 -0700 (PDT) (envelope-from dfuchs@uniserve.com) Received: from [192.168.1.2] (helo=david) by matiple.beastie.net with smtp (Exim 3.12 #1) id 13KbKl-0003MC-00 for freebsd-questions@freebsd.org; Thu, 03 Aug 2000 23:51:55 -0700 Message-ID: <001001bffde0$7e1a07c0$0201a8c0@beastie.net> From: "David Fuchs" To: Subject: Telnet Encryption Date: Thu, 3 Aug 2000 23:52:01 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've been told that I can reveal the passwords of my users by sniffing port 23. I've tried this, but it doesn't seem to work, all I can see is the user's username. In this case, is security a concern with telnet? Why go to the extra trouble of SSH when telnet *seems* safe in the first place? The only way I've been able to retrieve passwords is by sniffing ports 110 and 143, but I'm a little more concerned with the telnet accounts. Any ideas on this? Thanx! -David To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message