On Sun, 2009-01-11 at 19:28 +0000, Leslie Newell wrote: > Let's be realistic about this. What are the chances of a hacker randomly > scanning IP addresses and ports on the web and finding a running emcrsh > session? Even if one did, what is the likelihood of him then recognizing > the connection and trying to take over your machine? I'd say you have > probably got more chance of being hit on the head by a meteorite. > > If you are running a high profile operation and advertise the fact that > your machine is controlled over the internet then maybe someone would > give it a go. > > Les > > > Eric H. Johnson wrote: > > Les, > > > > The passwords are passed as plain text, so a determined hacker would not > > have much difficulty sniffing out the passwords. One option for increasing > > security over the Internet is to run the telnet session over an ssh > > connection. That way all transactions will be encrypted and it adds an > > additional password layer. The telnet socket could then be blocked at the > > router or firewall, and only allow the ssh socket through. > > > > Regards, > > Eric
The problem is leaving the telnet port open. I may be wrong here, but I believe, all a hacker needs is an IP address that has telnet open, then scan the port until someone logs in and records the password. If root logs in, your dead. Script kitties can use a script to automate this, so all they need to do is start it, and wait. I get port and password scanned almost daily. ----------- Kirk http://www.wallacecompany.com/machine_shop/ ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
