Re: telnetd vulnerability from BUGTRAQ

To: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: Jose Luis Domingo Lopez <debian-security@24x7linux.com>
Date: Sun, 26 Sep 2004 12:05:54 +0200
Message-id: <[🔎] 20040926100554.GB14053@localhost>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 41559013.2080706@hanaden.com>
References: <[🔎] Pine.LNX.4.44.0409242200160.16973-100000@herring.sandwich.net> <[🔎] 20040924221509.GF4491@infidel.spots.ab.ca> <[🔎] 20040925101326.GA31830@kontryhel.haltyr.dyndns.org> <[🔎] 41559013.2080706@hanaden.com>

On Saturday, 25 September 2004, at 10:34:43 -0500,
hanasaki wrote:

> When IPSEC is being used, telnet works the same; however is secure 
> because it, like all traffic, is sent over a transparent tunnel.
> 
But an IPsec tunnel encrypts traffic just between the tunnel endpoints.
But this need not to be the full path between the telnet client and
server, so anyone sniffing (for example) on your destination LAN will
get you usernames and passwords easily.

Greetings.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.9-rc1)

Reply to:

Follow-Ups:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Stephen Frost <sfrost@snowman.net>

References:
- telnetd vulnerability from BUGTRAQ
  - From: James Renken <jrenken@sandwich.net>
- Re: telnetd vulnerability from BUGTRAQ
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Jan Minar <jjminar@fastmail.fm>
- Re: telnetd vulnerability from BUGTRAQ
  - From: hanasaki <hanasaki@hanaden.com>

Prev by Date: Re: telnetd vulnerability from BUGTRAQ
Next by Date: Re: Debian Hardened project status.
Previous by thread: Re: telnetd vulnerability from BUGTRAQ
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread