Kind of sad
javier at advancedmachines.us
Tue Nov 11 11:07:25 UTC 2014
On Nov 11, 2014 6:05 AM, "Javier J" <javier at advancedmachines.us> wrote:
> I agree with you 100 percent. But my point is, Telnet in and of itself
> isn't broken. Not that I would want to leave it open to the world. He.net
> has a router you can log into over telnet with no auth. Forgot URL but you
> can find it on their site.
> On Nov 11, 2014 4:05 AM, "Karl Auer" <kauer at biplane.com.au> wrote:
>> On Tue, 2014-11-11 at 03:32 -0500, Javier J wrote:
>> > Is there a vulnerability in telnet to be exploited? If not it might be
>> > purpose. I know of switching gear that is publicly accessible via
>> telnet does not of itself encrypt anything. If you log in somewhere via
>> telnet, everything that passes between you and the remote end is passing
>> in clear text. That is true for all data sent to you or from you during
>> the whole session, but especially for the username and password you may
>> have used to log in with.
>> Unless you have secured the channel by some other means (an encrypted
>> tunnel, for example) or you own and control and can vouch for every
>> piece of the infrastructure between you and the remote end, using telnet
>> is just about the most insecure thing you can do short of mailing stuff
>> to yourself on postcards.
>> Someone who puts a real switch doing real work on the Internet with
>> working telnet access is asking to have at least the switch compromised
>> very quickly. A plaything, a honeypot, or a teaching tool - maybe.
>> Anything else, probably a bad idea. Remember that if I own your switch,
>> I own all the data sent to or from any system connected to that
>> Regards, K.
>> Karl Auer (kauer at biplane.com.au)
>> GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
>> Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
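The point made in the thread, that telnet does not itself encrypt anything, can be checked on a captured byte stream. The following is an added example, not code from the thread or its participants: it parses one direction of a Telnet stream, separates option negotiation from payload, and reports whether the ENCRYPT option (RFC 2946, option 38) was ever offered. The sample bytes, the credentials and the function names are constructed for illustration.

```python
# Added example; the sample bytes and credentials below are constructed.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
ENCRYPT = 38  # Telnet ENCRYPT option number (RFC 2946)
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}


def parse_telnet(stream: bytes):
    """Split one direction of a Telnet stream into (payload, negotiations)."""
    payload, negotiations = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:              # ordinary data byte
            payload.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                    # capture ends mid-command
            break
        cmd = stream[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped 0xFF data byte
            payload.append(IAC)
            i += 2
        elif cmd in VERBS:                # WILL/WONT/DO/DONT <option>
            if i + 2 >= n:
                break
            negotiations.append((VERBS[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                   # skip subnegotiation up to IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:                             # NOP, GA and other two-byte commands
            i += 2
    return bytes(payload), negotiations


def audit_session(stream: bytes):
    """Report whether ENCRYPT was offered and what an on-path observer reads."""
    payload, negotiations = parse_telnet(stream)
    offered = any(v in ("WILL", "DO") and o == ENCRYPT for v, o in negotiations)
    lines = [l for l in payload.decode("ascii", "replace").split("\r\n") if l]
    return {"encrypt_offered": offered, "readable_lines": lines}


# Constructed client-to-server bytes: terminal-type negotiation, then a login.
SAMPLE = (bytes([IAC, WILL, 24, IAC, SB, 24, 0]) + b"xterm"
          + bytes([IAC, SE, IAC, DO, 1]) + b"admin\r\nexample-password\r\n")

if __name__ == "__main__":
    print(audit_session(SAMPLE))
```

An `encrypt_offered` value of `True` only means the option appeared in negotiation, not that the session was actually encrypted.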
More information about the NANOG