From owner-freebsd-questions Mon Aug 7 8:24:24 2000 Delivered-To: freebsd-questions@freebsd.org Received: from tomts2-srv.bellnexxia.net (tomts2.bellnexxia.net [209.226.175.140]) by hub.freebsd.org (Postfix) with ESMTP id 09B9037B69E for ; Mon, 7 Aug 2000 08:24:21 -0700 (PDT) (envelope-from transmogrify@sympatico.ca) Received: from sympatico.ca ([216.208.117.71]) by tomts2-srv.bellnexxia.net (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20000807152418.QZDC8045.tomts2-srv.bellnexxia.net@sympatico.ca>; Mon, 7 Aug 2000 11:24:18 -0400 Message-ID: <398ED45B.38E80373@sympatico.ca> Date: Mon, 07 Aug 2000 11:23:08 -0400 From: Paul Halliday X-Mailer: Mozilla 4.73 (Macintosh; U; PPC) X-Accept-Language: en MIME-Version: 1.0 To: David Fuchs Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Telnet Encryption References: <001001bffde0$7e1a07c0$0201a8c0@beastie.net> Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854"; x-mac-creator="4D4F5353" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Check out dsniff "www.monkey.org/~dugsong" it is also in the ports collection. It will reveal both user name and password from a telnet session, ftp, pop, etc. David Fuchs wrote: > I've been told that I can reveal the passwords of my users by sniffing port > 23. I've tried this, but it doesn't seem to work, all I can see is the > user's username. In this case, is security a concern with telnet? Why go to > the extra trouble of SSH when telnet *seems* safe in the first place? The > only way I've been able to retrieve passwords is by sniffing ports 110 and > 143, but I'm a little more concerned with the telnet accounts. Any ideas on > this? > > Thanx! > > -David > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message