Date: Thu, 14 Mar 2002 10:58:39 -0800 (PST) From: Dean Phillips <deanphillips@yahoo.com> To: FreeBSD Security <freebsd-security@freebsd.org> Cc: "N. J. Cash" <ncash@pei.eastlink.ca> Subject: Re: telnet / ipfw question Message-ID: <20020314185839.8844.qmail@web11308.mail.yahoo.com> In-Reply-To: <003501c1cb81$2e12faa0$e8cede18@xeno>
next in thread | previous in thread | raw e-mail | index | archive | help
No, it does not look safe. All of your traffic (including any passwords) can be sniffed any time you use telnet. Limiting the IP address helps but is vulnerable to IP spoofing. IP spoofing can be used to hijack your connection or even log in. I highly recommend ssh as a much better alternative. Clients are available for most common operating systems. Regards, Dean M. Phillips --- "N. J. Cash" <ncash@pei.eastlink.ca> wrote: > I have telnet enabled on my system running > 4.5-stable and have it hidden > behind very strick ipfw rules so that the only IP > that has access to the box > on port 23 is my home static IP, everything else is > denied by the firewall. > I'm well aware of the risks of having telnet open > and how insecure it can be > so, i'm just looking for some input here if this > sounds like a safe way to > have the daemon running on a system. Would there > still be security risks > involved > that i'm not aware about running it this way? > > Here's basically what's going on in ipfw for port > 23. > > ipfw add 1400 allow log tcp from x.x.myip.x.x to any > 23 > ipfw add 09000 deny log ip from any to any > > > Look safe ? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020314185839.8844.qmail>