Re: telnetd vulnerability from BUGTRAQ

To: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: Phillip Hofmeister <plhofmei@antiochcomputerconsulting.com>
Date: Tue, 28 Sep 2004 12:20:55 -0400
Message-id: <[🔎] 20040928162055.GC20816@antiochcomputerconsulting.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87sm9226xo.fsf@enki.rimspace.net>
References: <[🔎] 20040924223514.GF28963@vnl.com> <[🔎] 1096078639.10826.11.camel@pitc> <[🔎] Pine.LNX.4.58.0409242337150.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925083859.GH22041@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409251409300.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925211946.GV32311@linuxmafia.com> <20040927072410.GA3495@forumakad.pl> <[🔎] 1096315718.32426.27.camel@king.gregfolkert.net> <[🔎] 20040928065054.GB22196@forumakad.pl> <[🔎] 87sm9226xo.fsf@enki.rimspace.net>

On Tue, 28 Sep 2004 at 03:23:15AM -0400, Daniel Pittman wrote:
> Fast I would concede, and easy is a matter of taste, mostly.
> 
> I don't know what you imagine is "encrypted" in FTP, though, since that
> is not part of the specification or the standard implementations.
> 
> Unless you run an SSL-enhanced or Kerberos FTP client and server, within
> the same realm, there is no encryption involved in FTP.

I would put forth SSH is no more secure than FTP is when one is dealing
with an unknown host.  SSH is dependant on a know_host.  If information
about a host is not known (public/server key) then SSH is every bit as
easy to eaves drop as FTP.  There are many tools that will easily
attempt a man-in-the-middle SSH attack.

-- 
Phillip Hofmeister

Reply to:

Follow-Ups:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dariush Pietrzak <eyck@forumakad.pl>

References:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Peter McAlpine <peter@aoeu.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Greg Folkert <greg@gregfolkert.net>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dariusz Pietrzak <proftpd@forumakad.pl>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: telnetd vulnerability from BUGTRAQ
Next by Date: Re: telnetd vulnerability from BUGTRAQ
Previous by thread: Re: BAHAHA was (telnetd vulnerability from BUGTRAQ)
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread