From owner-freebsd-questions  Mon Jan 21 14: 2:13 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp1.mx.pitdc1.stargate.net (smtp1.mx.pitdc1.stargate.net [206.210.69.141])
	by hub.freebsd.org (Postfix) with SMTP id A9C6E37B400
	for <questions@FreeBSD.ORG>; Mon, 21 Jan 2002 14:02:07 -0800 (PST)
Received: (qmail 4898 invoked from network); 21 Jan 2002 22:01:52 -0000
Received: from dap-209-166-133-115.nfas.greensburg-tnt-2.sns234.pa.stargate.net (HELO wastegate.net) (209.166.133.115)
  by smtp1.mx.pitdc1.stargate.net with SMTP; 21 Jan 2002 22:01:52 -0000
Received: from mother.wastegate.net (mother.wg.local [192.168.1.2])
	by wastegate.net (Postfix) with SMTP
	id DFDF44844F; Mon, 21 Jan 2002 17:02:24 -0500 (EST)
From: "Doug Reynolds" <mav@wastegate.net>
To: "FBSD Questions" <questions@FreeBSD.ORG>,
	"Joe & Fhe Barbish" <barbish@a1poweruser.com>
Date: Mon, 21 Jan 2002 17:04:14 -0500
Reply-To: "Doug Reynolds" <mav@wastegate.net>
X-Mailer: PMMail 2000 Professional (2.20.2380) For Windows 98 (4.10.2222)
In-Reply-To: <LPBBIGIAAKKEOEJOLEGOIEBFCNAA.barbish@a1poweruser.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: telnet/ftp security
Message-Id: <20020121220224.DFDF44844F@wastegate.net>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sat, 19 Jan 2002 11:08:57 -0500, Joe & Fhe Barbish wrote:

>I have telnet & FTP ID/PW access to my FBSD gateway/ipfw 
>box from the internet. Are there any security holes in 
>these two applications that would allow breaking into my system? 

I dont think there is any "security hole" in the daemon themselves, at
least, no one has discovered anything as of yet.

however, both are unsecure, and transmit plain text passwords over the
internet.  any one snooping (although unlikely) can get your password /
user id.

I would kill telnet, and run ssh.  there is also a secure ftp protocol
available in the ports, but it looks like a major kludge instead of a
good fix, at least to me

---
doug reynolds | the maverick | mav@wastegate.net

PGP Public Key Fingerprint: 6E7B 9993 B503 6D45  E33A 2019 26E5 C1DB



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message