From owner-freebsd-arch  Thu Jun 29  3:12:40 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 54B8F37B5A2; Thu, 29 Jun 2000 03:12:38 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id DAA19494;
	Thu, 29 Jun 2000 03:12:38 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 29 Jun 2000 03:12:38 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Warner Losh <imp@village.org>
Cc: Adrian Chadd <adrian@FreeBSD.ORG>,
	"David O'Brien" <obrien@FreeBSD.ORG>, arch@FreeBSD.ORG
Subject: Re: Disabling inetd? 
In-Reply-To: <200006290620.AAA52838@harmony.village.org>
Message-ID: <Pine.BSF.4.21.0006290310210.19044-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 29 Jun 2000, Warner Losh wrote:

> In message <20000626122520.U36017@zoe.bastard.co.uk> Adrian Chadd writes:
> : The telnet service open by itself poses no security risk.
> : The telnet service *in use* is a security risk.
> 
> Unless you are using the new encrypting telnet.

Even then :-) SRA has protocol weaknesses that make it only "slightly
better" than unencrypted telnet. In other words, it will stop casual
snoopers, but can't stop active attacks at connection establishment time
(and probably during the session as well).

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message