Re: in.telnetd vulnerability??

From: Brian Hatch (focus-sun@ifokr.org)
Date: 08/04/01


Date: Fri, 3 Aug 2001 21:32:23 -0700
From: Brian Hatch <focus-sun@ifokr.org>
To: Ryan Russell <ryan@securityfocus.com>
Subject: Re: in.telnetd vulnerability??
Message-ID: <20010803213223.P31138@ifokr.org>



> I wonder how hard it would be to write a version of the SSH client named
> telnet that would try port 22 before failing to port 23, and do plain
> telnet when used on other ports (telnet mail.example.com 110). Claim it
> is the new telnet client patch. It would allow for some cleartext
> downgrade attacks, but that would at least require active monitoring and
> spoofing. If it were called by the name "ssh", very soft links, it would
> behave normally.

I did this with a simple perl script which would hit port 22
and, if available, exec ssh, else exec telnet.

But it wasn't nearly so helpful as setting up host-based
authentication between unix boxen. Once folks found out
that they could say 'ssh host' vs 'telnet host' and save
3 characters on the command line and type no password,
they were hooked. And it wasn't any less secure than all
those cleartext passwords, really.

Of course rlogin/rsh should always be linked to ssh
instead to allow it by default.

--
Brian Hatch                "Zathras understand.
   Systems and              No, Zathras not understand,
   Security Engineer        but Zathras do."
http://www.ifokr.org/bri/

Every message PGP signed




Relevant Pages

  • Re: I do not get ssh. Why is it more secure?
    ... I ask this because I will be needing to open SSH ... If you put your ssh server on port 12345, it will be free from attacks. ... ssh has a range of benefits over other remote solutions such as telnet or rsh. ... You can can store options for your ssh client for ports and other options, organised by server, which is very convenient if you need to connect to many servers. ...
    (comp.os.linux.misc)
  • Re: Troublleshoot SSH
    ... > I have the SSHD daemon running, yet I can not telnet in on port 22 ... > using an SSH client. ... In PuTTY specify the host name, then change *Protocol* to SSH rather ...
    (comp.unix.solaris)
  • Re: Nailed Telnet & ssh
    ... I used to think I couldn't do a nailed ssh port also, ... The aix box has nailed telnet ports defined in the inittab ... > standard telnet command *thru* the ssh connection. ...
    (comp.databases.pick)
  • Re: Telnet port 25
    ... Subject: Telnet port 25 ... is the sole responsibility of the customer and depends on the customer's ... Configuring sendmail 8.11.0 for Anti-Relay ...
    (AIX-L)
  • Re: Linux Forums unreachable.
    ... DSL router, do you? ... web site that does not match linuxforums.org. ... interesting to see if the problem is specific to port 80. ... ray@RaysComputer:~$ telnet www.linuxforums.org 21 ...
    (Ubuntu)