On Tue, 2014-11-11 at 03:32 -0500, Javier J wrote:
Is there a vulnerability in telnet to be exploited? If not it might be on purpose. I know of switching gear that is publicly accessible via telnet.
telnet does not of itself encrypt anything. If you log in somewhere via telnet, everything that passes between you and the remote end is passing in clear text. That is true for all data sent to you or from you during the whole session, but especially for the username and password you may have used to log in with. Unless you have secured the channel by some other means (an encrypted tunnel, for example) or you own and control and can vouch for every piece of the infrastructure between you and the remote end, using telnet is just about the most insecure thing you can do short of mailing stuff to yourself on postcards. Someone who puts a real switch doing real work on the Internet with working telnet access is asking to have at least the switch compromised very quickly. A plaything, a honeypot, or a teaching tool - maybe. Anything else, probably a bad idea. Remember that if I own your switch, I own all the data sent to or from any system connected to that switch... Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882 Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A