From owner-freebsd-security Fri Aug 17 14:11:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id E2B8937B412 for ; Fri, 17 Aug 2001 14:11:52 -0700 (PDT) (envelope-from nate@yogotech.com) Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id PAA15144; Fri, 17 Aug 2001 15:11:47 -0600 (MDT) (envelope-from nate@nomad.yogotech.com) Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id PAA15505; Fri, 17 Aug 2001 15:11:47 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15229.34962.653064.226276@nomad.yogotech.com> Date: Fri, 17 Aug 2001 15:11:46 -0600 To: Matt Piechota Cc: "Carroll, D. (Danny)" , Subject: RE: Silly crackers... NT is for kids... In-Reply-To: <20010817165323.F4969-100000@cithaeron.argolis.org> References: <98829DC07ECECD47893074C4D525EFC311561F@citsnl007.europe.intranet> <20010817165323.F4969-100000@cithaeron.argolis.org> X-Mailer: VM 6.95 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Even for authentication? > > > > I can understand using a telnet client to manually test SMTP servers or > > other protocols, but I cannot understand why you *need* telnet. > > Mind you I am against using pop3 as well, unless it's encrypted. > > Example 1: > You're on an internal heavily firewalled corporate LAN, where none of your > information is hidden between employees. So you don't care, and you don't > have to worry about installing ssh on every PC's desktop, and teaching > cluon-deprived people to use it. Agreed, but given the recent telnetd exploit, I'm not sure you want it on by default. Even in our heavily-firewalled environment, we don't want *ALL* of the users to have root access on our FreBSD boxes. :) Having the users enable it by default makes them more aware of what's going on. (Although, one could argue that all the folks who are still infected with CodeRed initially enabled it, and have done nothing since...) > Example 2: You're running realtime applications, or applications that > need all available processing power for performance reasons. The > extra overhead of encrypting and decrypting the ssh traffic may drop > your performance. Then don't telnet into the box. If you need to monitor a box over an insecure network, then encryption/decryption is a necessity, IMHO. > Let's not forget that until the recently done work of the OpenSSH team, > you couldn't use SSH in a commercial environment with out paying for it. > And besides, sniffing passwords isn't that terribly easy if you're using > switched Ethernet anyways. Actually, it is. See the archives of how easy it is to blow the switch out of the water. :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message