Kind of sad
javier at advancedmachines.us
Tue Nov 11 11:05:37 UTC 2014
I agree with you 100 percent. But my point is. Telnet in and of itself
isn't broken. Not that I would want to leave it open to the world. He.net
has a router you can log into over telnet with no auth. Forgot URL but you
can find it on their site.
On Nov 11, 2014 4:05 AM, "Karl Auer" <kauer at biplane.com.au> wrote:
> On Tue, 2014-11-11 at 03:32 -0500, Javier J wrote:
> > Is there a vulnerability in telnet to be exploited? If not it might be on
> > purpose. I know of switching gear that is publicly accessible via telnet.
> telnet does not of itself encrypt anything. If you log in somewhere via
> telnet, everything that passes between you and the remote end is passing
> in clear text. That is true for all data sent to you or from you during
> the whole session, but especially for the username and password you may
> have used to log in with.
> Unless you have secured the channel by some other means (an encrypted
> tunnel, for example) or you own and control and can vouch for every
> piece of the infrastructure between you and the remote end, using telnet
> is just about the most insecure thing you can do short of mailing stuff
> to yourself on postcards.
> Someone who puts a real switch doing real work on the Internet with
> working telnet access is asking to have at least the switch compromised
> very quickly. A plaything, a honeypot, or a teaching tool - maybe.
> Anything else, probably a bad idea. Remember that if I own your switch,
> I own all the data sent to or from any system connected to that
> Regards, K.
> Karl Auer (kauer at biplane.com.au)
> GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
> Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
More information about the NANOG