Kind of sad

Michael Thomas mike at mtcc.com
Tue Nov 11 15:44:04 UTC 2014


On 11/11/2014 01:05 AM, Karl Auer wrote:
> Someone who puts a real switch doing real work on the Internet with 
> working telnet access is asking to have at least the switch 
> compromised very quickly. A plaything, a honeypot, or a teaching tool 
> - maybe. Anything else, probably a bad idea. Remember that if I own 
> your switch, I own all the data sent to or from any system connected 
> to that switch... Regards, K. 

How so? Assuming that you're using password auth, the real vulnerability 
is somebody figuring out the
password and owning the box. SSH certainly helps here immensely with rsa 
auth, but only if you use it.

An active MITM attack or passive snooping on telnet streams seems like 
it would be orders of magnitude less
dangerous on a list of threats. SSH is definitely a Good Thing, but it's 
not a sliver bullet.

Mike


More information about the NANOG mailing list