On Mon, Sep 15, 2003 at 02:35:58AM -0400, JondZ wrote:
>
> > > ftp packages if it's installed, and we're perfectly sure it's installed.
> >
> > Uninstall these packages NOW. And FAST. And install OpenSSH instead.
> > Telnet and FTP are among the most dangerous and worthless protocols on
> > the planet as of now. Don't even think about using them in the future.
>
> alternatively, if you need to use telnet, open it but
> control it thru tcp wrappers (/etc/xinetd.d/telnet in
> newer redhat). I use telnet but allow only hosts
> from my local net. Works great.

It is wonderful! FTP, also. Of course, I'm speaking from the view of a hacker. You see, by using unencrypted protocols you're exposing your entire session, including usernames and passwords, to logging by a simple traffic sniffer.

I used to have a client who insisted on using telnet and ftp, just out of laziness. It was silly, he had always typed "telnet host" or "ftp host" and just didn't want to change. One day he called me because his firewall was hacked. He said that it had been hacked about 6 months earlier, but it was still "working" so he didn't care.

I got on the box and showed him the logs from the network sniffer. In a nice little file:

    host
    username
    password
    *blank line*

repeated again and again. He had passwords that were lovely, all sorts of weird characters, never would have been guessed in a million years. But nobody needed to guess them, his refusal to use secure protocols had resulted in his handing them on a silver platter to some lifeless nerd who lives in his parents' basement.

Every machine he'd ever telnetted to or ftped to was in there. His main server, which he kept in town at a colo facility, had also been hacked. Actually, "hacked" isn't the word to use since he'd given the passwords to this kid. That server held the kind of information that he literally could have gone to jail over.

Turn off telnetd, turn off ftpd, and break the habits. As I said earlier, ftp is fine *if and only if* you are using a non-system password file and ftp always uses a consistent uid.

Your system probably shouldn't have inetd/xinetd running; I don't even install them. There is no reason to. There are some good things that xinetd can do for a service like pop3, such as connection limiting. Use it only if you need it.

Michael
--
Michael Darrin Chaney
[EMAIL PROTECTED]
http://www.michaelchaney.com/
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
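
Added example, not part of the original message: a short Python audit that reads xinetd service files such as /etc/xinetd.d/telnet and lists telnet or ftp services that are still enabled, along with the hosts allowed to reach them. The sample configuration is constructed, and treating a missing disable line as "enabled" is an assumption noted in the code.

```python
import re
from pathlib import Path

CLEARTEXT = {"telnet", "ftp"}  # the two services the message says to turn off
SERVICE_RE = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)

# Constructed sample in /etc/xinetd.d style, not taken from a real host.
SAMPLE = """\
service telnet
{
    disable   = no
    server    = /usr/sbin/in.telnetd
    only_from = 192.168.1.0/24
}
service ftp
{
    disable   = yes
    server    = /usr/sbin/in.ftpd
}
"""

def parse_services(text):
    """Yield (name, attrs) for every 'service NAME { ... }' block."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop '#' comment lines
    for name, body in SERVICE_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*[+-]?=\s*(.*\S)", line)
            if m:
                attrs[m.group(1)] = m.group(2)
        yield name, attrs

def audit(text):
    """Return (service, allowed_sources) for each enabled cleartext service."""
    findings = []
    for name, attrs in parse_services(text):
        # Assumption: a missing 'disable' line means enabled; the 'disabled'
        # list in an xinetd defaults section is not evaluated here.
        if name in CLEARTEXT and attrs.get("disable", "no").lower() != "yes":
            findings.append((name, attrs.get("only_from", "any host")))
    return findings

if __name__ == "__main__":
    d = Path("/etc/xinetd.d")
    files = [p for p in d.glob("*") if p.is_file()] if d.is_dir() else []
    texts = [p.read_text(errors="replace") for p in files] or [SAMPLE]
    for text in texts:
        for name, scope in audit(text):
            print(f"{name}: enabled, cleartext login, reachable from {scope}")
```

An only_from restriction narrows who may connect, but the session, password included, still crosses the network unencrypted.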
