[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: opening a chat port

> It sounds like you are conflating the idea that telnet is an insecure
> protocol with the fact that a server asks you to use telnet to connect
> to it.

Yes, I guess I mixed those two together...you provided a good clarification

> Using the telnet client to connect to a "chat server" is no less secure
> than allowing any other sort of TCP connection -- it depends on the
> client and server. :)
>> If I allow the firewall to open this port (so far the only open
>> ports on this machine are 25, 443 and 80) will this be considered a
>> security risk?
> I would, because I know nothing about the chat server in question.
> You need to work out how secure that server is, and then decide if you
> are happy with the security risk it implies.
>> Other than having the chat server closed and leaving that port open
>> without the service...Is there a more secure alternative?
> Well, you could look at using SSH or telnet with SSL to access the chat
> server, but that only helps if you are concerned about an attack where
> people steal a login to the chat server...

I get the point, I was thinking in terms of (if) the chat server is
written with security in mind it should be pretty much "self-contained". 
Nonetheless, opening the port inside an account with very little
priviledges could be considered a good idea if I plan to implement this.

> The process we're witnessing now is in fact the capitalist society
> trying to squeeze out of each person, like blood from a stone,
> whatever commercial value that person may have.
>         --Marc Rotenberg

Boy isn't this true...

Reply to: