From owner-freebsd-questions Fri Aug 4 0: 0:43 2000 Delivered-To: freebsd-questions@freebsd.org Received: from snowy.org (snowy.org [203.37.251.14]) by hub.freebsd.org (Postfix) with ESMTP id 19D0337B771 for ; Fri, 4 Aug 2000 00:00:39 -0700 (PDT) (envelope-from snowy@snowy.org) Received: from localhost (snowy@localhost) by snowy.org (8.9.3/8.9.3) with ESMTP id RAA27493; Fri, 4 Aug 2000 17:01:08 +1000 (EST) (envelope-from snowy@snowy.org) Date: Fri, 4 Aug 2000 17:01:07 +1000 (EST) From: Sleepless in Brisbane To: David Fuchs Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Telnet Encryption In-Reply-To: <001001bffde0$7e1a07c0$0201a8c0@beastie.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 3 Aug 2000, David Fuchs wrote: > I've been told that I can reveal the passwords of my users by sniffing port > 23. I've tried this, but it doesn't seem to work, all I can see is the > user's username. In this case, is security a concern with telnet? Why go to > the extra trouble of SSH when telnet *seems* safe in the first place? The > only way I've been able to retrieve passwords is by sniffing ports 110 and > 143, but I'm a little more concerned with the telnet accounts. Any ideas on > this? If you are snooping using something like ttysnoop or such then yes you will not see the actual password on the screen. However it will still be quite viewable to anyone with network packet sniffer (have a look at Ethereal sometime and be amazed). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message