Re: telnet replacement - not ssh?

From: Nico Kadel-Garcia (nkadel@bellatlantic.net)
Date: 01/18/03

• Next message: Dr Deadpan: "Re: Putty Question: How can I disable vim in putty?"
• Previous message: Nico Kadel-Garcia: "Re: sshd for windows giving always invalid passwd"
• In reply to: Dimitri Maziuk: "Re: telnet replacement - not ssh?"
• Next in thread: marsd: "Re: telnet replacement - not ssh?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net>
Date: Sat, 18 Jan 2003 22:03:19 GMT

"Dimitri Maziuk" <dima@127.0.0.1> wrote in message
news:slrnb2hbf3.gsg.dima@odyssey.bmrb.wisc.edu...
> Big Bird sez:
> ...
> > I know who you are. Your homepage URL was in your post. It is not
> > terribly hard to figure out your identity. And from there the identity
> > of your employer. I know that all remote-access attempts to your
> > system are made via cleartext TELNET, because of those policies you
> > mention.
> >
> > If I was some evil, evil hacker, I'd have a sitting duck right there.
>
> So you would... what? Assuming you don't just happen to live in the
> same town, fly all the way to where he works? Then dig out the telco
> cable and put a vampire tap on it? Or break into his workplace at night,
> reconfigure their switches to copy all packets to moitoring port, and
> hook up a laptop to each?

No, simply recognize that any place with engineers and policies that stupid
doesn't have a freaking clue and test the default passwords or bad passwords
on their external switches, then reprogram them to send port 22 packets to
another address until he gets clear text passwords. Or recognize that
someone that stupid probably has employees set up modems on their desktops
configured to run PCAnywhere, and use a war dialer to probe for weaknesses.
Etc., etc.

---

• Next message: Dr Deadpan: "Re: Putty Question: How can I disable vim in putty?"
• Previous message: Nico Kadel-Garcia: "Re: sshd for windows giving always invalid passwd"
• In reply to: Dimitri Maziuk: "Re: telnet replacement - not ssh?"
• Next in thread: marsd: "Re: telnet replacement - not ssh?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: telnet replacement - not ssh? ... > reconfigure their switches to copy all packets to moitoring port, ... simply recognize that any place with engineers and policies that stupid ... doesn't have a freaking clue and test the default passwords or bad passwords ... then reprogram them to send port 22 packets to ... (comp.security.misc) Re: telnet replacement - not ssh? ... > reconfigure their switches to copy all packets to moitoring port, ... simply recognize that any place with engineers and policies that stupid ... doesn't have a freaking clue and test the default passwords or bad passwords ... then reprogram them to send port 22 packets to ... (comp.security.unix) Re: Account permanently disabled? ... If you can see another node's packets, ... you can easily spot usernames and passwords go by. ... Doesn't need to be a WoW player. ... packets on the local network (which is the cable network for many players ... (alt.games.warcraft) Re: Wireless Network ... And do a search on wardriving as I suggested. ... >userID and passwords to hack INTO systems. ... That is the biggest threat. ... Packets containing userID's and password can be gathered ... (comp.security.firewalls) Re: forgotten password ... on how "stupid" you are. ... And that post you received about ' passwords are not for everyone' could ... > password is if windows saved it and showed it astericks. ... >>Mad Max ... (microsoft.public.windowsxp.newusers)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2003-01