Date: Thu, 14 Mar 2002 11:59:21 -0600 From: Eric Anderson <anderson@centtech.com> To: "N. J. Cash" <ncash@pei.eastlink.ca> Cc: FreeBSD Security <freebsd-security@freebsd.org> Subject: Re: telnet / ipfw question Message-ID: <3C90E4F9.A4CA41CA@centtech.com> References: <003501c1cb81$2e12faa0$e8cede18@xeno>
next in thread | previous in thread | raw e-mail | index | archive | help
Why do you need telnet so badly? The rules are fine, but those won't matter when someone sniffs your plain text password and source ip, then spoofs it and logs in as you. Eric "N. J. Cash" wrote: > > I have telnet enabled on my system running 4.5-stable and have it hidden > behind very strick ipfw rules so that the only IP that has access to the box > on port 23 is my home static IP, everything else is denied by the firewall. > I'm well aware of the risks of having telnet open and how insecure it can be > so, i'm just looking for some input here if this sounds like a safe way to > have the daemon running on a system. Would there still be security risks > involved > that i'm not aware about running it this way? > > Here's basically what's going on in ipfw for port 23. > > ipfw add 1400 allow log tcp from x.x.myip.x.x to any 23 > ipfw add 09000 deny log ip from any to any > > Look safe ? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology If at first you don't succeed, sky diving is probably not for you. ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C90E4F9.A4CA41CA>