Date: Mon, 6 May 2002 20:19:41 -0400 (EDT) From: Chris BeHanna <behanna@zbzoom.net> To: FreeBSD Security <security@freebsd.org> Subject: Re: Telnet Exploit Message-ID: <20020506201808.V13363-100000@topperwein.dyndns.org> In-Reply-To: <200205062103.g46L39R3024026@borja.sarenet.es>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 6 May 2002, Borja Marcos wrote:
> On Monday 06 May 2002 21:37, you wrote:
> > Why in the world are you using telnetd anyhow? You should be using SSHD
> > and never telnetd. Telnetd should be 'forbidden'...
>
> Why? Do you think ssh is more secure? It may not be. Just think about the
> complexity of ssh. It has been hit by a bug in zlib, for example. Or has zlib
Not vulnerable on FreeBSD unless you have phk_malloc configured to
abort on a double-free.
> had an audit as strict as ssh?
>
> Telnet has its problems, but we should not say that ssh is "more secure"
> acritically.
Yes, I think we can, if only because nothing goes over the wire in
cleartext unless the user deliberately disables encryption for his or
her session.
> It is obvious that it has advantages, however.
Yup.
--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020506201808.V13363-100000>