[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] re: Telnet security

Subject: RE: [cobalt-security] re: Telnet security
From: Reinoud van Leeuwen <rvanleeuwen@xxxxxxxxxxxx>
Date: Wed, 25 Apr 2001 15:41:11 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Reinoud van Leeuwen wrote:
> > If you login through *telnet* over a public network, you 
> have a lot to worry
> > about! Telnet is so insecure, people can just sniff your 
> password to get
> > into your box... (no hacking needed)
> 
> Which people are those who can sniff your password?  Network 
> administrators
> and such, but how does an 'ordinary' user watch theinternet 
> promiscuously?

Anyone on the same LAN segment (it does not matter whether it is switched or
not*) can sniff your traffic. So unless you control all the links between
your workstation and the server you log in, you cannot be sure that you are
not sniffed. This is usually the case in normal office environments, or
people that connect through an ISP to their servers.
If your workstation is on a dedicated management LAN, were you can trust all
the hosts (and you are 100% sure that they are not 0wn3d), it is another
case.

* it is not very hard for a hacker to put a switch in a broadcastnig device
mode, so switching does not increase security on this point

Follow-Ups:
- RE: [cobalt-security] re: Telnet security
  - From: Adam Sculthorpe

Prev by Date: Re: [cobalt-security] re: Telnet security
Next by Date: RE: [cobalt-security] re: Telnet security
Previous by thread: Re: [cobalt-security] re: Telnet security
Next by thread: RE: [cobalt-security] re: Telnet security

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index