telnet vs ssh on Core equipment , looking for reasons why ?

Roeland Meyer rmeyer at mhsc.com
Tue Jul 31 15:52:01 UTC 2001


> From: Stephen J. Wilcox [mailto:steve at opaltelecom.co.uk]
> Sent: Tuesday, July 31, 2001 6:52 AM

> so that's my main logic, authentication... I can't understand the big
> paranoia on people sniffing though!

If ANY part of the link between the NetAdm and the CORE system, even
accidentally, transits ANY part of an untrusted network, then that link is
sniffable. Now, if you are accessing said equipment via in-band means, this
is virtually guaranteed to be the case (with a small number of anomalous
exceptions).

Even out-of-band networks are vulnerable if someone accidentally leaves one
host in router-mode, and one of the NICs is on the Admin LAN. With dynamic
routing, this is even less deterministic. Given a Firewall, one
contractor/sales-person with a laptop and an 802.11b (or even Ricochet)
connection to the outside world on your inner LAN, and your Firewall becomes
a potential Maginot Line ... useless.

[side-bar: A Compaq iPAQ can do this, running Linux. As PDAs get more
powerful, they also become potential stealth cracker tools]

Ergo, all networks are potentially sniffable. Many of them leak like sieves.

You also imply another fallacy, that of only encrypting sensitive traffic.
Given the above, and in a stack full of needles, when you know that only the
encrypted ones are interesting, you will only sniff the encrypted ones (this
is the essential fallacy of SSL; it's even conveniently segregated by port
number). This measurably cuts down the search time. Now, if all needles were
equally encrypted, you add steganographic effects to the LAN, and it becomes
orders of magnitude more difficult to crack.

I submit that all packets, on all networks, even SANs, should be strongly
encrypted, at all times.
I further submit that all hosts, even those behind a Firewall, should be
hardened against attack. Never assume that you are safe.
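As an added illustration of what "sniffable" means for an in-band telnet session (example code written for this archive page; it is not part of the original post and not anything from NANOG or any vendor), the following script strips RFC 854 telnet option negotiation from a captured byte stream and recovers the login and enable passwords the NetAdm typed. The hostname, usernames, passwords, prompt strings in PROMPTS and every byte string in TELNET_SEGMENTS and SSH_SEGMENTS are constructed for the example, not captured from any real device; the SSH filler bytes stand in for an encrypted channel and are not real ciphertext.

```python
# Added example, not code from the original NANOG post: a minimal RFC 854
# telnet stream parser that strips option negotiation and recovers the
# login and password typed over an in-band telnet session, i.e. what an
# on-path sniffer sees. All byte strings below are constructed for this
# example; they were not captured from any real device.

IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254

# Prompts that mark the next client line as a credential (assumption:
# typical Unix/IOS-style login banners; extend for other platforms).
PROMPTS = (b"login:", b"username:", b"password:")


def strip_telnet_negotiation(data: bytes) -> bytes:
    """Return the application bytes of a telnet stream with IAC sequences removed."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= n:          # truncated IAC at end of capture: drop it
            break
        cmd = data[i + 1]
        if cmd == IAC:          # IAC IAC is an escaped literal 0xff
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            i += 3              # IAC <cmd> <option>
        elif cmd == SB:         # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:
            i += 2              # other two-byte commands (NOP, GA, AYT, ...)
    return bytes(out)


def extract_credentials(segments):
    """Walk (direction, payload) segments in capture order.

    direction is "s2c" (server to client) or "c2s" (client to server).
    A client line that follows a server prompt is recorded as a credential.
    Telnet servers echo the username but not the password, so the only
    reliable source of the secret is the client-to-server direction.
    """
    found = []
    pending = None          # prompt the client has not yet answered
    client_buf = b""
    for direction, payload in segments:
        text = strip_telnet_negotiation(payload)
        if direction == "s2c":
            low = text.lower()
            for prompt in PROMPTS:
                if prompt in low:
                    pending = prompt.rstrip(b":").decode()
        else:
            client_buf += text
            while b"\n" in client_buf:
                line, _, client_buf = client_buf.partition(b"\n")
                if pending is not None:
                    found.append((pending, line.rstrip(b"\r").decode(errors="replace")))
                    pending = None
    return found


# Constructed telnet session (client -> server and back), including the
# option negotiation a real client and server would exchange first.
TELNET_SEGMENTS = [
    ("s2c", b"\xff\xfb\x01\xff\xfb\x03"),          # IAC WILL ECHO, IAC WILL SGA
    ("c2s", b"\xff\xfd\x01\xff\xfd\x03"),          # IAC DO ECHO, IAC DO SGA
    ("s2c", b"\xff\xfd\x18"),                      # IAC DO TERMINAL-TYPE
    ("c2s", b"\xff\xfb\x18"),                      # IAC WILL TERMINAL-TYPE
    ("s2c", b"\xff\xfa\x18\x01\xff\xf0"),          # IAC SB TERMINAL-TYPE SEND IAC SE
    ("c2s", b"\xff\xfa\x18\x00VT100\xff\xf0"),     # IAC SB TERMINAL-TYPE IS VT100 IAC SE
    ("s2c", b"\r\ncore-rtr1 login: "),
    ("c2s", b"netadm\r\n"),
    ("s2c", b"netadm\r\nPassword: "),
    ("c2s", b"s3cret\r\n"),                        # not echoed by the server
    ("s2c", b"\r\ncore-rtr1> "),
    ("c2s", b"enable\r\n"),
    ("s2c", b"enable\r\nPassword: "),
    ("c2s", b"c0re-3nabl3\r\n"),
]

# Constructed SSH session: only the version banners are plaintext; the
# bytes after them stand in for the encrypted channel (fixed filler,
# not real ciphertext), which is all a sniffer gets.
SSH_SEGMENTS = [
    ("c2s", b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("s2c", b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("c2s", bytes(range(0x80, 0xC0))),
    ("s2c", bytes(range(0xC0, 0x100))),
]

if __name__ == "__main__":
    print("telnet:", extract_credentials(TELNET_SEGMENTS))
    print("ssh:   ", extract_credentials(SSH_SEGMENTS))
```

Run against the telnet stream the parser hands back the login, the user password and the enable password; run against the SSH stream it finds nothing, because after the banner exchange there is no prompt or keystroke for it to pair. Real captures need TCP reassembly in front of this (the segments here are already in order and whole), but the telnet-level parsing is the same.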



More information about the NANOG mailing list