Re: in.telnetd vulnerability??
From: Brian Hatch (firstname.lastname@example.org)
- In reply to: Ryan Russell: "Re: in.telnetd vulnerability??"
Date: Fri, 3 Aug 2001 21:32:23 -0700
From: Brian Hatch <email@example.com>
To: Ryan Russell <firstname.lastname@example.org>
Subject: Re: in.telnetd vulnerability??
Message-ID: <20010803213223.P31138@ifokr.org>

> I wonder how hard it would be to write a version of the SSH client named
> telnet that would try port 22 before failing to port 23, and do plain
> telnet when used on other ports (telnet mail.example.com 110). Claim it
> is the new telnet client patch. It would allow for some cleartext
> downgrade attacks, but that would at least require active monitoring and
> spoofing. If it were called by the name "ssh", very soft links, it would
> behave normally.

I did this with a simple perl script which would hit port 22
and, if available, exec ssh, else exec telnet.

But it wasn't nearly so helpful as setting up host-based
authentication between unix boxen. Once folks found out
that they could say 'ssh host' vs 'telnet host' and save
3 characters on the command line and type no password,
they were hooked. And it wasn't any less secure than all
those cleartext passwords, really.

Of course rlogin/rsh should always be linked to ssh
instead to allow it by default.

--
Brian Hatch                  "Zathras understand.
   Systems and                No, Zathras not understand,
   Security Engineer          but Zathras do."
http://www.ifokr.org/bri/
Every message PGP signed
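
The port-22 probe with telnet fallback discussed in this message, written out as an added Python example; it is not the Perl script mentioned above and not part of the original post. The binary paths, the function names and the use of `ssh-keygen -F` to refuse a cleartext fallback for hosts already in the user's known_hosts (one answer to the downgrade concern in the quoted text) are assumptions of this example.

```python
import os
import socket
import subprocess
import sys

REAL_SSH = "/usr/bin/ssh"        # assumed path of the real ssh client
REAL_TELNET = "/usr/bin/telnet"  # assumed path of the real telnet client


def speaks_ssh(host, port=22, timeout=3.0):
    """True only if host:port sends an SSH identification line ("SSH-...")."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = s.recv(512)
    except OSError:
        return False
    return any(line.startswith(b"SSH-") for line in data.splitlines())


def seen_before(host):
    """True if the user's known_hosts already holds a key for host."""
    try:
        found = subprocess.run(["ssh-keygen", "-F", host], capture_output=True)
    except OSError:
        return False
    return bool(found.stdout.strip())


def choose_command(argv, probe=speaks_ssh, pinned=seen_before):
    """Map one invocation of the wrapper to the argv that should be exec'd."""
    name, args = os.path.basename(argv[0]), argv[1:]
    if name == "ssh":                      # reached through the "ssh" link
        return [REAL_SSH, *args]
    plain = len(args) == 1 or (len(args) == 2 and args[1] in ("23", "telnet"))
    if not plain or args[0].startswith("-"):
        return [REAL_TELNET, *args]        # other ports, options: real telnet
    host = args[0]
    if probe(host):
        return [REAL_SSH, host]
    if pinned(host):                       # spoke SSH earlier, silent now
        raise SystemExit(f"telnet: {host}: known SSH host, refusing cleartext")
    return [REAL_TELNET, host]


if __name__ == "__main__":
    cmd = choose_command(sys.argv)
    os.execv(cmd[0], cmd)
```

The probe accepts port 22 only when the banner starts with `SSH-`, so an unrelated service listening there does not get handed to ssh.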