From: krzysztof Strzelczyk
To: "N. J. Cash"
Cc: FreeBSD Security
Subject: Re: telnet / ipfw question
Date: Thu, 14 Mar 2002 11:09:36 -0800 (PST)
Message-ID: <20020314190936.3548.qmail@web14807.mail.yahoo.com>
In-Reply-To: <3C90E4F9.A4CA41CA@centtech.com>

Why not use ssh? Of course you will want 3.1 to avoid the fiasco last week.

-Chris

--- Eric Anderson wrote:
> Why do you need telnet so badly? The rules are fine, but those won't matter
> when someone sniffs your plain text password and source ip, then spoofs it and
> logs in as you.
>
> Eric
>
> "N. J. Cash" wrote:
> >
> > I have telnet enabled on my system running 4.5-stable and have it hidden
> > behind very strict ipfw rules so that the only IP that has access to the box
> > on port 23 is my home static IP, everything else is denied by the firewall.
> > I'm well aware of the risks of having telnet open and how insecure it can be
> > so, I'm just looking for some input here if this sounds like a safe way to
> > have the daemon running on a system. Would there still be security risks
> > involved that I'm not aware about running it this way?
> >
> > Here's basically what's going on in ipfw for port 23.
> >
> > ipfw add 1400 allow log tcp from x.x.myip.x.x to any 23
> > ipfw add 09000 deny log ip from any to any
> >
> > Look safe?
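
Added example, not part of the original thread: a small Python model of first-match evaluation over the two quoted ipfw rules, showing that the filter behaves as intended while the one service it admits is still cleartext telnet, which is the point made in the replies. The address 192.0.2.10 stands in for the redacted x.x.myip.x.x, and the parser covers only the rule syntax quoted in the thread (both are assumptions).

```python
import ipaddress
import re

# Constructed stand-in for the poster's redacted "x.x.myip.x.x" (RFC 5737 range).
HOME_IP = "192.0.2.10"
RULESET = f"""
ipfw add 1400 allow log tcp from {HOME_IP} to any 23
ipfw add 09000 deny log ip from any to any
"""
# Assumption: services treated as cleartext for this audit.
CLEARTEXT_PORTS = {23: "telnet"}

RULE_RE = re.compile(
    r"ipfw add (?P<num>\d+) (?P<action>allow|deny)(?: log)? (?P<proto>tcp|ip) "
    r"from (?P<src>\S+) to (?P<dst>\S+)(?: (?P<dport>\d+))?$")

def parse_rules(text):
    """Parse the small subset of ipfw syntax used in the thread, ordered by rule number."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        rule = m.groupdict()
        rule["num"] = int(rule["num"])
        rule["dport"] = int(rule["dport"]) if rule["dport"] else None
        rules.append(rule)
    return sorted(rules, key=lambda r: r["num"])

def addr_matches(spec, addr):
    """True if addr falls under a rule's address spec ("any", a host, or a network)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; returns (rule number, action)."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and addr_matches(r["src"], src) and addr_matches(r["dst"], dst)
                and r["dport"] in (None, dport)):
            return r["num"], r["action"]
    return 65535, "deny"  # ipfw's built-in last rule, deny unless the kernel defaults to accept

def cleartext_allows(rules):
    """Allow rules that expose a cleartext service, however narrow the source filter."""
    return [(r["num"], CLEARTEXT_PORTS[r["dport"]]) for r in rules
            if r["action"] == "allow" and r["dport"] in CLEARTEXT_PORTS]

if __name__ == "__main__":
    rules = parse_rules(RULESET)
    for src in (HOME_IP, "203.0.113.7"):  # constructed test sources
        print(src, "-> port 23:", evaluate(rules, "tcp", src, "198.51.100.1", 23))
    print("cleartext services allowed:", cleartext_allows(rules))
```

The allow decision depends only on the source address and destination port carried in the packet, so the audit still reports rule 1400 even though every other source is denied.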