How many of us here run anything less than SSH and even allow telnetd to live on any of our hosts?
Hey, we have had to do without SSH in more than one CISCO IOS build in the last 6 months in 12.1 / 12.2. This always made me feel very nervous.

Regards
Marshall Eubanks
Here? Probably not all that many.
[bill's password slide from the Scottsdale NANOG] suggests that many (most?) of the NANOG attendees are shipping passwords around in the clear (not necessarily all telnet, but indicative of a mindset).
The system with that data on it is off right now, but my recollection was that the top three offenders were (in no particular order)
- cleartext POP
- cleartext IMAP
- http:// (mostly people reading their email via Exchange).
Note that the final slide that I put up at the end of the meeting (with something like 150 passwords on it) had one of my passwords too (my Vindigo password, if anyone wants to change what cities I have configured =), so even people who are aware of the issues sometimes still send cleartext passwords.
Bill
Marshall Eubanks tme@21rst-century.com