Re: National Security Backdoor in telnetd - all versions.

david20_at_alpha2.mdx.ac.uk
Date: 09/14/03


Date: Sun, 14 Sep 2003 15:44:38 +0000 (UTC)

In article <Yk%8b.6773$jT6.1028@twister.rdc-kc.rr.com>, "Dave" <dave@unixhome.net> writes:
>
>"ZedGama3" <zedgama3@comcast.net> wrote in message
>news:ll28b.418220$Ho3.66180@sccrnsc03...
>> Who uses telnet anyway?
>> I mean with SSH and all.
>
Not every system (or piece of network equipment) you want to connect to will
have an SSH server.
It's much more likely to have a Telnet daemon.

Hence you need to assess the risks of someone being able and wanting to
pick up your cleartext passwords as they are routed across the internet to your
target system against your need to access the system.

Many other protocols have exactly the same vulnerability (cleartext password
transmission) as Telnet.

Do you use ftp?
Do you use IMAP or POP? POP and IMAP can be protected with SSL/TLS but many
servers still don't support that.

>Those asking to get hacked use telnet. You must be some kind of need to
>become a victim to use telnet over a network.
>
>

Note. In the above I'm assuming you are referring to "normal" telnet rather
than for instance Kerberized Telnet where of course no clear text passwords
would be passed.

In an ideal world all communications between systems would be strongly
encrypted. Unfortunately it will be some time before we have the luxury of all
systems supporting such encryption.

David Webb
VMS and Unix team leader
CCSS
Middlesex University


