SEO

On 12 Aug 2003 12:56:01 -0700, john bailo wrote:
> 0. Telnet is up and running on a rh9 machine.


Working as designed.

======= standard telnet inlude follows: =============

Telnet and ftp are insecure, and are not loaded/enabled during normal installs.

login id and password is passed as clear text and can
be snatched with a packet sniffer off both ends of the connection.

Use ssh/sftp instead.
Be sure to get the lastest from your distribution vendor.

If using, windoze get Putty.
http://www.nonags.com/
http://www.tucows.com


But if you realy want to use it:
man xinetd
Be sure to add the only_from = telnet_source_pc_ip_here
to the /etc/xinetd.d/telnet file in the target pc.

man hosts.allow
man tcpd
man 5 hosts_access
Check the firewall

and if all else fails, there is a very
large Frequently Asked Question (FAQ) search engine found at
http://groups.google.com/advanced_group_search
key word(s) in the first box
*linux* in the Newsgroup, pick English

On Tue, 12 Aug 2003 20:48:18 GMT, Bit Twister <BitTwister@localhost.localdomain> wrote:
>
>
> On 12 Aug 2003 12:56:01 -0700, john bailo wrote:
>> 0. Telnet is up and running on a rh9 machine.
>
>
> Working as designed.
>
>======= standard telnet inlude follows: =============
>
> Telnet and ftp are insecure, and are not loaded/enabled during normal installs.
>
> login id and password is passed as clear text and can
> be snatched with a packet sniffer off both ends of the connection.
>
> Use ssh/sftp instead.
> Be sure to get the lastest from your distribution vendor.
>
> If using, windoze get Putty.
> http://www.nonags.com/
> http://www.tucows.com
>
>
> But if you realy want to use it:
> man xinetd
> Be sure to add the only_from = telnet_source_pc_ip_here
> to the /etc/xinetd.d/telnet file in the target pc.
>
> man hosts.allow
> man tcpd
> man 5 hosts_access
> Check the firewall
>
> and if all else fails, there is a very
> large Frequently Asked Question (FAQ) search engine found at
> http://groups.google.com/advanced_group_search
> key word(s) in the first box
> *linux* in the Newsgroup, pick English
>

I have been using telnet to loginto a remote box for years without any
problems.

I also have been running plain old ftp and ftpd for years with out any
problems.


You must be talking about RH, because both are enabled in Debian by default,
for the simple reason that they are excellent applications.

If you are a large organization or business, then worrying about "security"
is a good idea. But for us little guys, no need at all.

NOT directed to the estimable Bit Twister:

The yuppies at RH think everyone is out to get them, because THEY are out
to get everyone.


Alan

On Tue, 12 Aug 2003 22:54:05 GMT, Alan Connor wrote:
>
> If you are a large organization or business, then worrying about "security"
> is a good idea. But for us little guys, no need at all.

Yeah, worst case, blackhat crack a box and use it to store child
pornography. Cracked box owner get free room and board for a few
years at the barbed wire hotel.

Checking ftp attempts yesterday shows
grep DPT=21 /var/log/messages | grep "Aug 11" | wc -l
2
Slow day today, W32/Blaster worm must be keeping script kiddies busy.

On Tue, 12 Aug 2003 23:45:46 GMT, Bit Twister <BitTwister@localhost.localdomain> wrote:
>
>
> On Tue, 12 Aug 2003 22:54:05 GMT, Alan Connor wrote:
>>
>> If you are a large organization or business, then worrying about "security"
>> is a good idea. But for us little guys, no need at all.
>
> Yeah, worst case, blackhat crack a box and use it to store child
> pornography. Cracked box owner get free room and board for a few
> years at the barbed wire hotel.
>
> Checking ftp attempts yesterday shows
> grep DPT=21 /var/log/messages | grep "Aug 11" | wc -l
> 2
> Slow day today, W32/Blaster worm must be keeping script kiddies busy.

So you don't allow anonymous logins. That pretty much takes care of it, no?


Alan

--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: http://tinyurl.com/inpd for the scripts and docs.

On Wed, 13 Aug 2003 01:17:26 GMT, Alan Connor wrote:
>
> So you don't allow anonymous logins. That pretty much takes care of it, no?

Duh, have we already forgotten id/passwords can be sniffed off of either
end of the telnet/ftp connection because they are passed as clear text.


If the newbie has a hard time getting telnet to work, I have less
confidence about his security setup.

But, that is what is nice about *nix, you want to play Russian
Roulette with an automatic, go for it.

Alan Connor wrote:
> On Wed, 13 Aug 2003 01:45:08 GMT, Bit Twister <BitTwister@localhost.localdomain> wrote:
>
>>
>>On Wed, 13 Aug 2003 01:17:26 GMT, Alan Connor wrote:
>>
>>>So you don't allow anonymous logins. That pretty much takes care of it, no?
>>
>>Duh, have we already forgotten id/passwords can be sniffed off of either
>>end of the telnet/ftp connection because they are passed as clear text.
>>
>
>
> Duh, you can't sniff anything if you aren't on the network in question.

Except that a lot of poorly configured routers and switches with the
default passwords never having been altered are being leveraged to sniff
packets, in particular packets that contain or are immediately after
packets containing the string "password". This is particularly a problem
in university computing, since most universities turn a blind eye to
such behavior.

On Wed, 13 Aug 2003 02:53:16 GMT, Alan Connor wrote:
>>
>
> Duh, you can't sniff anything if you aren't on the network in question.

Well duuuh, nobody, but nobody said anything to indicate that.
Seems you did not understand "both ends of the connection".

>
> Like I said, been using telnet and ftp, client and server, since I first
> used Linux. So have millions of others. The fact that there are so many
> ftp servers out there, with their IP addresses available on google, that
> allow anonymous logins, ought to tell an intelligent person something.

Yeah, millions of people do not have car accidents either. Wonderful
logic there.

>
> I'm not, and I'm not going to be.

Nobody told you to be paranoid.


> You can be what you want. But my experience is that the people who go on
> and on about security are the ones that you have to watch.
> They are projecting and giving themselves away.


Some more of that wonderful logic there.

Using google with *linux* in the news group box
and in the first box

help my box cracked
Results 1 - 10 of about 641. Search took 3.18 seconds

help my box hacked
Results 1 - 10 of about 1,730. Search took 3.57 seconds.

Yes lots of the hits are because of replies. I guess it must
be viruses.

Alan Connor wrote:

> You must be talking about RH, because both are enabled in Debian by default,
> for the simple reason that they are excellent applications.

SINCE WHEN? Debian 2.2 and 3.0 (those that I have real experience of) have
telnetd in the *extra*-section and sshd in *standard*-section.

Do you happen to know why ssh was originally developed? Because the lab
servers at Helsinki University of Technology got their roots sniffed. Fed up
with that, a researcher (a docent IIRC) developed SSH.

IMHO ftpd is harder to configure that sshd.

-Timo

--
Timo Voipio | Helsinki, Finland | ICBM at: 60 11.800 N 024 52.760 E
GeekCode ver 3: GU>CC d s-: a--- C++ UL(+)$>+++$ P+>+++ L++(+) E- W++ N++
o? K? w O M- V- PS PE Y+ PGP+ t 5++ X R tv- b++(++++) DI+ D G e- h! r !y
Remove +newsharvested to e-mail me | Poista +newsharvested jos meilaat

Alan Connor <xxxxxx@xxxx.xxx> wrote in message news:<hee_a.3376$Nf3.2587@newsread4.news.pas.earth link.net>...

> You must be talking about RH, because both are enabled in Debian by default,
> for the simple reason that they are excellent applications.

i mentioned rh9 in the OP

but telnet is not installed 'by default'

rh9 has several ( i think 5 total ) installation scenarios and i chose
development workstation, so none of the internet server components ( including
telnet server ) were installed and i installed them manually ( using the
add new programs ).