Date: Fri, 29 Mar 2002 19:55:29 -0800 From: Benjamin Krueger <benjamin@macguire.net> To: Chris BeHanna <behanna@zbzoom.net> Cc: FreeBSD Security <security@freebsd.org>, freebsd-chat@freebsd.org Subject: Re: SSH or Telnet? Message-ID: <20020329195529.B7895@rain.macguire.net> In-Reply-To: <20020329220256.N38382-100000@topperwein.dyndns.org>; from behanna@zbzoom.net on Fri, Mar 29, 2002 at 10:04:43PM -0500 References: <200203291145.OAA03776@paranoid.eltex.ru> <20020329220256.N38382-100000@topperwein.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
* Chris BeHanna (behanna@zbzoom.net) [020329 19:05]: > On Fri, 29 Mar 2002 ark@eltex.ru wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > What's wrong with telnet? I use it frequently and i am pretty satisified with > > it. > > > > (I don't need to encrypt sessions, there is no sensitive information inside. > > Don't tell me about cleartext passwords, there are no cleartext passwords. > > Have a look at ethereal or dsniff. You will be surprised. > > > And if you really need encryption you may run telnet over ipsec) > > IPsec is a VPN solution. If someone in the LAN to which you're > VPN-ing is running a sniffer, then what? > > -- > Chris BeHanna > Software Engineer (Remove "bogus" before responding.) > behanna@bogus.zbzoom.net > I was raised by a pack of wild corn dogs. Our unsuspecting user logs in to the nameserver to update the pornserve.domain.com zone record for the new porn server (yay!). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ roo@rain:~> telnet fog Trying 10.0.0.50... Connected to fog.DOMAIN. Escape character is '^]'. HP-UX fog B.11.00 A 9000/712 (t0) login: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MEANWHILE, IN THE CAVE OF EVILDOERS! Joe Deluer, Evil Hax0r Extrodinaire, listens closely on an upstream link... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ dsniff: listening on fxp0 dsniff: trigger_tcp: decoding port 23 as telnet ----------------- 03/29/02 19:42:33 tcp rain.macguire.net.1392 -> fog.macguire.net.23 (telnet) roo test123 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Ah Ha!", says Joe, "I will 0wn j00 my pretty and your delicious pr0n too!". --- "... there are no cleartext passwords." DESCRIPTION dsniff is a password sniffer which handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols. -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020329195529.B7895>