> Better not to use telnet at all, ever again. There are decent, Free ssh > clients available even for lesser OSes like Windows that are better than > the really terrible telnet client that MS appears to have shipped along > with Windows as an afterthought, so that is no longer an excuse. The > only good telnet or ftp is a Kerberized one.
I think he mean's telnetd, telnet can be used on a wide variety of tools. ex: checking version on some ports, etc. Merong telnetd and telnet - a client over ssl. Its just a matter of securing your network, and a lot of common sense will help a lot. On windows, i think putty is great also. IMO. - Louie ----- Original Message ----- From: "Rafael 'Dido' Sevilla" <[EMAIL PROTECTED]> To: "Philippine Linux Users Group Mailing List" <[EMAIL PROTECTED]> Sent: Monday, September 15, 2003 3:38 PM Subject: Re: [plug] Telnet Problem > On Mon, Sep 15, 2003 at 02:35:58AM -0400, JondZ wrote: > > alternatively, if you need to use telnet , open it but > > control it thru tcp wrappers (/etc/xinetd.d/telnet in > > newer redhat). I use telnet but allow only allow hosts > > from my local net. Works great. > > > > Until someday someone decides to install a password sniffer on a box on > your local network and sees all of your passwords going by in the clear. > It is then a simple matter to hijack one of your tcp wrappers trusted > hosts and access your supposedly "safe" host. Or if someone decides to > mount an IP spoofing attack and pretends to be the target to one of your > wrapped hosts (still possible with ssh, but not if you use it the way it > is supposed to be used). IP addresses should never be considered > trusted, not unless there is a cryptographic certificate of some sort > standing behind it. Granted ssh does a less than optimal job of > managing these trust relationships (the old versions of SSH blindly > added certificates to the ~/.ssh/known_hosts file for instance), but it > at least provides a framework on which you can do this. Strong > authentication is an absolute necessity in this day and age, and getting > into bad habits in this respect on what you might mistakenly feel are > "safe" local networks ay translate into those same bad habits being used > on dangerous public networks. In my mind, that's a good enough reason > to deprecate the protocol altogether and never use it at all. > > Better not to use telnet at all, ever again. There are decent, Free ssh > clients available even for lesser OSes like Windows that are better than > the really terrible telnet client that MS appears to have shipped along > with Windows as an afterthought, so that is no longer an excuse. The > only good telnet or ftp is a Kerberized one. > > -- > Philippine Linux Users' Group (PLUG) Mailing List > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > Official Website: http://plug.linux.org.ph > Searchable Archives: http://marc.free.net.ph > . > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > . > Are you a Linux newbie? To join the newbie list, go to > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
