From owner-freebsd-security  Thu Mar 14 11: 9:41 2002
Delivered-To: freebsd-security@freebsd.org
Received: from web14807.mail.yahoo.com (web14807.mail.yahoo.com [216.136.224.223])
	by hub.freebsd.org (Postfix) with SMTP id CD22C37B402
	for <freebsd-security@freebsd.org>; Thu, 14 Mar 2002 11:09:36 -0800 (PST)
Message-ID: <20020314190936.3548.qmail@web14807.mail.yahoo.com>
Received: from [198.88.119.219] by web14807.mail.yahoo.com via HTTP; Thu, 14 Mar 2002 11:09:36 PST
Date: Thu, 14 Mar 2002 11:09:36 -0800 (PST)
From: krzysztof Strzelczyk <cs052279@yahoo.com>
Subject: Re: telnet / ipfw question
To: "N. J. Cash" <ncash@pei.eastlink.ca>
Cc: FreeBSD Security <freebsd-security@freebsd.org>
In-Reply-To: <3C90E4F9.A4CA41CA@centtech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Why not use ssh?

Of course you will want 3.1 to avoid the fiasco last
week.

-Chris
--- Eric Anderson <anderson@centtech.com> wrote:
> Why do you need telnet so badly?  The rules are
> fine, but those won't matter
> when someone sniffs your plain text password and
> source ip, then spoofs it and
> logs in as you.
> 
> Eric
> 
> 
> "N. J. Cash" wrote:
> > 
> > I have telnet enabled on my system running
> 4.5-stable and have it hidden
> > behind very strick ipfw rules so that the only IP
> that has access to the box
> > on port 23 is my home static IP, everything else
> is denied by the firewall.
> > I'm well aware of the risks of having telnet open
> and how insecure it can be
> > so, i'm just looking for some input here if this
> sounds like a safe way to
> > have the daemon running on a system. Would there
> still be security risks
> > involved
> > that i'm not aware about running it this way?
> > 
> > Here's basically what's going on in ipfw for port
> 23.
> > 
> > ipfw add 1400 allow log tcp from x.x.myip.x.x to
> any 23
> > ipfw add 09000 deny log ip from any to any
> > 
> > Look safe ?
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of
> the message
> 
> -- 
>
------------------------------------------------------------------
> Eric Anderson	   Systems Administrator      Centaur
> Technology
> If at first you don't succeed, sky diving is
> probably not for you.
>
------------------------------------------------------------------
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of
> the message


__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message