On 11/11/2014 01:05 AM, Karl Auer wrote:
Someone who puts a real switch doing real work on the Internet with working telnet access is asking to have at least the switch compromised very quickly. A plaything, a honeypot, or a teaching tool - maybe. Anything else, probably a bad idea. Remember that if I own your switch, I own all the data sent to or from any system connected to that switch... Regards, K.
How so? Assuming that you're using password auth, the real vulnerability is somebody figuring out the password and owning the box. SSH certainly helps here immensely with rsa auth, but only if you use it. An active MITM attack or passive snooping on telnet streams seems like it would be orders of magnitude less dangerous on a list of threats. SSH is definitely a Good Thing, but it's not a sliver bullet. Mike