From owner-freebsd-security Mon May 6 17:19:53 2002
Delivered-To: freebsd-security@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-28-203.zoominternet.net [24.154.28.203])
    by hub.freebsd.org (Postfix) with ESMTP id 2D83437B401
    for ; Mon, 6 May 2002 17:19:47 -0700 (PDT)
Received: from topperwein (topperwein [192.168.168.10])
    by topperwein.dyndns.org (8.12.3/8.12.3) with ESMTP id g470Jkuk013512
    for ; Mon, 6 May 2002 20:19:46 -0400 (EDT)
    (envelope-from behanna@zbzoom.net)
Date: Mon, 6 May 2002 20:19:41 -0400 (EDT)
From: Chris BeHanna
Reply-To: Chris BeHanna
To: FreeBSD Security
Subject: Re: Telnet Exploit
In-Reply-To: <200205062103.g46L39R3024026@borja.sarenet.es>
Message-ID: <20020506201808.V13363-100000@topperwein.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Mon, 6 May 2002, Borja Marcos wrote:

> On Monday 06 May 2002 21:37, you wrote:
> > Why in the world are you using telnetd anyhow? You should be using SSHD
> > and never telnetd. Telnetd should be 'forbidden'...
>
> Why? Do you think ssh is more secure? It may not be. Just think about the
> complexity of ssh. It has been hit by a bug in zlib, for example. Or has zlib

    Not vulnerable on FreeBSD unless you have phk_malloc configured to
abort on a double-free.

> had an audit as strict as ssh?
>
> Telnet has its problems, but we should not say that ssh is "more secure"
> acritically.

    Yes, I think we can, if only because nothing goes over the wire in
cleartext unless the user deliberately disables encryption for his or
her session.

> It is obvious that it has advantages, however.

    Yup.

--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.