Kind of sad

Karl Auer kauer at biplane.com.au
Tue Nov 11 09:05:08 UTC 2014


On Tue, 2014-11-11 at 03:32 -0500, Javier J wrote:
> Is there a vulnerability in telnet to be exploited? If not it might be on
> purpose. I know of switching gear that is publicly accessible via telnet.

telnet does not of itself encrypt anything. If you log in somewhere via
telnet, everything that passes between you and the remote end is passing
in clear text. That is true for all data sent to you or from you during
the whole session, but especially for the username and password you may
have used to log in with.

Unless you have secured the channel by some other means (an encrypted
tunnel, for example) or you own and control and can vouch for every
piece of the infrastructure between you and the remote end, using telnet
is just about the most insecure thing you can do short of mailing stuff
to yourself on postcards.

Someone who puts a real switch doing real work on the Internet with
working telnet access is asking to have at least the switch compromised
very quickly. A plaything, a honeypot, or a teaching tool - maybe.
Anything else, probably a bad idea. Remember that if I own your switch,
I own all the data sent to or from any system connected to that
switch...

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A




More information about the NANOG mailing list