Almost OT: Re: [lug] telnetd problem

Chris Wade cwade at veripost.net
Mon Oct 15 11:12:13 MDT 2001


Sorry, deleted too much of the previous thread in my last reply.  When I get
this set up the way I want it, it will be:

world -----> cable modem -----> linux gateway/firewall --> local network

And I will certainly use SSH to get in from the outside world after reading
the replies here.  Just to make things completely clear, though, is there
any security risk involved in using telnet between boxes that are behind the
firewall, where information does not normally get passed out to the world?
It's a bit academic at this point, but it would help me understand How
Things Work.

Thanks,

Chris

> -----Original Message-----
> From: rm at fabula.de [mailto:rm at fabula.de]
> Sent: Monday, October 15, 2001 10:43 AM
> To: lug at lug.boulder.co.us
> Subject: Re: Almost OT: Re: [lug] telnetd problem
> 
> 
> On Mon, Oct 15, 2001 at 09:25:41AM -0600, Chris Wade wrote:
> > Yeah, I should probably switch to SSH at some point, it's just an
> > interesting problem at the moment (because I have a workaround).  There's
> > nothing on there that I would worry about security issues over.  This is
> > just one of the many steps toward understanding how this whole networking
> > thing works.
> > 
> > Once I get the other machines behind the linux box (using it as a firewall),
> > there should be no problem with telnet.  Correct?
> 
> ? Hmm, do I understand this correctly:
> 
>  world  ----> linux gateway/firewall --> local network
> 
> You want to connect from world to boxes in local network with
> telnet? Highly insecure! If you use telnet then your password
> is sent unencrypted through the wires. Anybody who has access
> to a machine (router/gateway, Server at your ISP ...) is able to
> intercept the traffic and read your password. I don't know much 
> about the tech. setup of U.S. cable modems, but over here you 
> basically have a shared medium  with the other users on your
> block, i.e. all of your neighborhood can read unencrypted traffic
> (it might take some fiddling with the routing etc. but it's pretty
> easy ...).
> 
> Most of the break-ins I've seen so far resulted from someone
> using insecure protocols like telnet or pop3 over an insecure
> box.
> 
>   Ralf Mattes
>  
> 
> 
> > Chris
> > 
> > > -----Original Message-----
> > > From: rm at fabula.de [mailto:rm at fabula.de]
> > > Sent: Monday, October 15, 2001 7:24 AM
> > > To: lug at lug.boulder.co.us
> > > Subject: Almost OT: Re: [lug] telnetd problem
> > > 
> > > 
> > > Just as a side note: do you _really_ want to connect
> > > to your home via telnet? This protocol is _extremely_
> > > insecure and you are sending your password in cleartext
> > > over the net (read: insecure ground). SSH is a much better
> > > tool for such needs (and much harder to crack) and afaik the
> > > terminal emulation is far better in windows ssh than in win-telnet.
> > > 
> > >  Just my 2c
> > > 
> > >    Ralf Mattes
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > 