
Re: telnet break-in



On Wed, Aug 26, 1998 at 10:35:12AM -0400, Ossama Othman wrote:
> > > > Hence the One-Time Password suggestion.  Either way, better to have/use
> > > > SSH than use telnet/ftp/r{login,sh,exec}.
> > > 
> > > I have both SSL-Telnet and SSH installed. I don't type root passwords over
> > > clear connections unless it is an emergency.
> > 
> > Hmm - why is it that emergencies always happen when I'm away from
> > Cambridge? ;(
> 
> Well, one Debian user seems to have had a break-in.  However, the break-in
> wasn't due to any Debian security hole.  The break-in was due to
> standard/known UN*X security holes.  For example, allowing incoming
> telnets is one (typing clear text passwords over the net).

Well I don't know about your assessment....
the original message cited some log file segments...that look like
a possible break-in or an attempted break-in but.

All it really meant AFAICT is that someone telnetted to the system and
possibly tried to log in. Is that necessarily a break-in?

Allowing telnet connections is not a security hole in and of itself, it
is a potential security hole. From what I have heard (and seen from admissions
here) people trying to telnet around to dynamic IP ranges looking for hosts
is somewhat common...
I know if I see an IP and wonder what a machine is I occasionally telnet
to it (for example when I am researching a new ISP I usually try to
determine what type of servers they run to make sure they aren't NT...
recently I couldn't figure it out so I resorted to telnet and sure enough
I got a login prompt and it said "Digital Unix" above it so I was satisfied)

-Steve
-- 
/* -- Stephen Carpenter <sjc@delphi.com> --- <sjc@debian.org>------------ */
E-mail "Bumper Stickers":
"A FREE America or a Drug-Free America: You can't have both!"
"honk if you Love Linux"

