Re: telnetd vulnerability from BUGTRAQ

* Jose Luis Domingo Lopez (debian-security@24x7linux.com) wrote:
> On Saturday, 25 September 2004, at 10:34:43 -0500,
> hanasaki wrote:
> > When IPSEC is being used, telnet works the same; however, it is secure
> > because it, like all traffic, is sent over a transparent tunnel.
> > 
> But an IPsec tunnel encrypts traffic just between the tunnel endpoints.

Erm, IPSEC is actually intended to be implemented on *every* machine,
not just used for tunnels.

> But this need not be the full path between the telnet client and
> server, so anyone sniffing (for example) on your destination LAN will
> get your usernames and passwords easily.

It doesn't have to be, but I'm sure the original commenter meant it was.
Of course, IPSEC doesn't help if the server is compromised.


