root login with telnetd
Beech Rintoul
beech at alaskaparadise.com
Sun Mar 11 09:03:37 UTC 2007
On Saturday 10 March 2007 22:14, Wojciech Puchar said:
> >> with sshd and rshd it can be set, with telnetd - no success.
> >
> > That is a REALLY BAD idea. Why don't you just publish your
> > address and set the root password to nothing. It's only going to
> > take a cracker a couple of minutes or less to own your server
> > once they find you (and they will).
>
> another stupid one not answering the question.
>
> could you describe how you get my password in a couple of minutes
> if you are so intelligent?
There are and have been many known exploits through telnet. The most
recent one a couple of weeks ago affects SunOS where you can, using
telnet, get root privileges without even logging in as root. Telnet
does everything in clear text including passwords. All that's needed
is to get in and install some network sniffing and the first time
root logs in they would have the password. For a valid normal user on
the LAN, it would be even easier.
If you're looking for ease of login look into ssh and keys, that way
you don't even need a password. Details are in the handbook. Even
works from windows.
I don't know anyone that still uses telnet except for testing on a
totally closed network. An ISP I worked for disabled it and
firewalled the port more than five years ago.
Beech
--
---------------------------------------------------------------------------------------
Beech Rintoul - Port Maintainer - beech at alaskaparadise.com
/"\ ASCII Ribbon Campaign | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail | http://www.freebsd.org
X - NO Word docs in e-mail | Latest Release:
/ \ - http://www.freebsd.org/releases/6.2R/announce.html
---------------------------------------------------------------------------------------
More information about the freebsd-questions
mailing list