Kind of sad
Michael Thomas
mike at mtcc.com
Tue Nov 11 15:44:04 UTC 2014
On 11/11/2014 01:05 AM, Karl Auer wrote:
> Someone who puts a real switch doing real work on the Internet with
> working telnet access is asking to have at least the switch
> compromised very quickly. A plaything, a honeypot, or a teaching tool
> - maybe. Anything else, probably a bad idea. Remember that if I own
> your switch, I own all the data sent to or from any system connected
> to that switch... Regards, K.
How so? Assuming that you're using password auth, the real vulnerability
is somebody figuring out the
password and owning the box. SSH certainly helps here immensely with rsa
auth, but only if you use it.
An active MITM attack or passive snooping on telnet streams seems like
it would be orders of magnitude less
dangerous on a list of threats. SSH is definitely a Good Thing, but it's
not a sliver bullet.
Mike
More information about the NANOG
mailing list