Did I give up on telnet too easily?

Discussion in 'Linux Networking' started by Jem Berkes, Sep 21, 2003.

  1. Jem Berkes

    Eric Gibson Guest

    Hmmmmmm.... How do you know the name of the file? Is it printed to the
    screen through telnet after you login? What difference does that make if
    I've already sniffed your password? I can just login and write the file...
    Is it sent to you in an unencrypted super-filename-secured email? Again...

    Hmm, It might work, if the filenames are OTP's sent on paper airplanes
    between cubicles. Nope, not really, all this password/filename stuff is
    irrelevant. I just need to hijack your session for .5 seconds to cat a
    script to a file which downloads and installs my rootkit... You wouldn't
    even know it happened... ;-)

    You may want to reconsider this security strategy, heh...

    Eric
     
    Eric Gibson, Sep 26, 2003
    #61

  2. Jem Berkes

    ynotssor Guest

    ynotssor, Sep 26, 2003
    #62

  3. Jem Berkes

    Eric Guest

    Woah, I wrote this rhetorically and in jest thinking the original poster
    was joking. Then I actually read more of the thread, and he wasn't.

    That wasn't a threat or anything. :)

    Eric
     
    Eric, Sep 26, 2003
    #63
  4. Jem Berkes

    Eric Guest

    Apparently you've never used a packet sniffer to just watch telnet
    passwords roll by? 15 seconds is an eternity. Do you really think
    crackers log in and hand enter a bunch of commands to get into your
    system? No, they have automated the installation of rootkits fairly well.
    I hope you NEVER su to root in a telnet session, or your 15 second
    filename thingy is insecure by about 14.9 seconds.

    You've also obviously never seen anyone totally hijack a telnet session
    either... What difference does it make if someone has your password (or
    filename, or whatever) if they can simply sit there for a day or two and
    wait around for you to su to root, and they just snatch your session.

    http://www.securiteam.com/tools/2NUQBSAQ0C.html

    Obviously this requires the person to be on the local network, but 80-
    90% of all security issues are internal...

    I probably shouldn't even be responding to this, because it's obvious
    trolling. It's almost kinda funny though, so I'll fall for it.

    ....

    Eric
     
    Eric, Sep 26, 2003
    #64
  5. Jem Berkes

    Alan Connor Guest

    I guess I am just going to have to say this again:

    Millions and millions of people, lacking unreasonable fears and exercising
    common sense, use telnet and other basic communications tools every day
    without any problems at all.

    And despite the rantings of certain paranoid bullies, we are going to continue
    doing so.

    I hate to be the one to tell you this, but your opinions on system
    administration are just that. No one has to take your word for anything,
    and people who take the words of others over the lessons of their own
    experience are just plain fools.
     
    Alan Connor, Sep 26, 2003
    #65
  6. Jem Berkes

    Alan Connor Guest

    Have a nice paranoid day. And I'm sure these things have happened to YOU,
    because dumb things happen to dumb people.
     
    Alan Connor, Sep 26, 2003
    #66
  7. Jem Berkes

    Eric Guest

    Connect to port? There are at least 10 tools I know of to hijack telnet
    sessions, and I've seen them work right in front of my eyes.
    So you are auto-retaliating too? Wow... brilliant! What happens when
    someone spoofs FBI.gov when they do your connect to port contraption, and
    you are sending "ASCII bombs" (What the hell?!? AHAHAHAHAHA!) to the FBI
    headquarters. Not to mention I can see about 5 dos attacks just in this
    simple description you gave that someone could use to spring your little
    mousetrap, and keep you off the net until you just disabled it
    altogether.
    No, this is THE most hilarious trolling I've seen in a long time, keep it
    coming!

    Eric
     
    Eric, Sep 26, 2003
    #67
  8. Jem Berkes

    Eric Gibson Guest

    http://groups.google.com/groups?&as_umsgid=bf16bt$1q9$
    rg

    Oooooo, snap! He got schooled by Claus Abmann, nice! I've seen some funny
    things on usenet, but this takes the cake. I'm just sitting here laughing my
    ass off searching this guy on google. Damn... my ribs hurt, seriously.

    When he described his alternate port connection/ascii bomb/filename telnet
    contraption I got this mental image of one of those crazy mouse trap things
    you make in school, with the ball going through the funnel and everything.

    This is the most advanced form of silliness I've seen yet. Alright yall, it
    was fun, but I have to hide this thread or I'm going to get in trouble.

    Hehehehehe,

    Eric
     
    Eric Gibson, Sep 26, 2003
    #68
  9. Jem Berkes

    Alan Connor Guest

    I am using telnet and other similar tools. If you try to crack my box
    I will kick your ass.

    Come ahead and try, windbag. But the fact is that you don't even have the
    skill to track down my IP, much less do anything else.

    Talk is so very cheap.

    Here's a clue: The problems you have had have nothing to do with the tools that
    you are criticising. They have to do with the fact that you are stupid and
    careless and don't do your homework and don't exercise common sense.

    Please keep up the flow of hot air. It's a little chilly this morning.
     
    Alan Connor, Sep 26, 2003
    #69
  10. Jem Berkes

    ynotssor Guest

    No real need to search, because if you've seen one of his posts, you've
    essentially seen them all.

    Sort of a one-trick pony in his private circus of life.
     
    ynotssor, Sep 26, 2003
    #70
  11. Jem Berkes

    Alan Connor Guest

    No real need to search, because if you've seen one of his posts, you've
    essentially seen them all.

    Sort of a one-trick pony in his private circus of life.
    [/QUOTE]

    I hope you continue to have fun taking cheapshots at me.

    (they say more about YOU than they do about me)

    I will now ignore your posts for 30 days. You COULD grow up by then.
     
    Alan Connor, Sep 26, 2003
    #71
  12. Jem Berkes

    erik Guest

    Maybe because there are some people out there who are just a little bit
    more experienced than you? Or should I say just a little bit more
    competent?
    Prove me wrong. You cannot do so.
    It sure is a better way than using plain old telnet.
    There are none. None whatsoever.
    O, you did secure it in a concrete box, no connections, no power etc?
    Prove that your box hasn't been cracked. You cannot.
    You will get sicker. You are just a plain troll. A troll who does not
    have a clue what he is talking about, and showing that. Plain and
    simple.
    Looking in the mirror?
    Blahblahblah. Hope to never hear from you again.

    *PLONK*
    And then what? What will happen? You come swim personally over that
    small ocean to teach me a lesson? You even start to get funny. I'm
    considering to unplonk. So, we're just seeing a simple lunatic. That's
    funny nowadays.

    Clueless enough to not even know a sig separator when he stumbles on
    one?
    'We'? You.

    EJ
     
    erik, Sep 26, 2003
    #72
  13. Jem Berkes

    Alan Connor Guest

    Listen, you keep saying that I am totally incompetent, and I have given
    you public permission to try and crack my box.

    What are you waiting for?

    (about 10 more years of computer science, would be my guess)

    Posts ignored for 60 days from today.
     
    Alan Connor, Sep 27, 2003
    #73
  14. Hey! My advice is great! It's yours that is lousy, get it right! And
    yes, I give people 30s to log out of the root account before the big
    gun goes off real close to their head.

    Peter
     
    Peter T. Breuer, Sep 29, 2003
    #74
  15. Yah, that's true.
    I'm not sure he's psychotic or unreasonable, but if he were, that would
    explain the structure of many of his posts. He seems also to be the
    author of an extremely psychotic mail-bouncing system, but there you
    are ...
    He can't discuss, that's true. But then neither can many people. And
    when I browbeat them about it they go all psychic too! I have, however,
    steered fairly clear of engaging AC, which probably is an indication
    that *I* subconsciously suspect he's really crazy.
    I don't believe it. But then I don't believe anything by default.
    I would have said exactly the opposite - it does not *explain* his
    behaviour, but it certainly does justify it.


    Peter
     
    Peter T. Breuer, Sep 29, 2003
    #75
  16. That's true. There is nothing intrinsically wrong with using telnet.
    Uh, no. "We" aren't. We are not going to do so at all unless we know
    what we are doing and what the likely consequences are.
    Would you mind wrapping at 72, thank you?
    Uh. Pass. Please drop the gratuitous insults.

    Peter
     
    Peter T. Breuer, Sep 29, 2003
    #76
  17. OK, fine. Where is it?

    Peter
     
    Peter T. Breuer, Sep 29, 2003
    #77
  18. Jem Berkes

    Alan Connor Guest

    Which is what I recommended in an earlier post. Pretty obvious.
    I wrap at 80.

    YOU *dare* to say that? You ARE a buffoon!
     
    Alan Connor, Sep 29, 2003
    #78
  19. Jem Berkes

    Alan Connor Guest

    Take the next right and drive to the big tree on the left and park there
    until a man with a pink carnation in his lapel puts on a pair of sunglasses
    and blows his nose in that order. Ask him.

    --------------------------------------

    Actually, we are off and on the net, with a new IP each time. All contacts
    are scheduled and we send out/receive the IP and port(s) and dance routines,
    encrypted, (one-time pads) just as soon as we log on. We use netcat rather than
    telnet because it is faster and easier to script with.

    Some of our contacts are done through a different computer with a different
    account (ISP) that we connect to with minicom over the phone lines and get
    on the Internet from there.

    None of those bozos ever bothered to ask what sort of precautions we took.
     
    Alan Connor, Sep 29, 2003
    #79
  20. Jem Berkes

    John Doe Guest

    A properly-configured and secured machine running telnet is no less
    secure than one running sshd. Just "running" telnetd does not pose a
    security risk to the machine itself (no more than the recent sshd
    exploits). It is only at the time of login that passwords can be sniffed
    and then after that, when traffic (such as mail being read) is in the
    clear.

    Securing your system with standard firewall rules that only have port 23
    open to and from known hosts, and blocked from everyone else, completely
    prohibits any and all sniffing. In fact, to anyone else, port 23 is
    closed, which is exactly how it should appear.

    The "telnet is insecure, don't use it" FUD has gone on long enough.
     
    John Doe, Oct 11, 2003
    #80
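
Added example, not part of any post in the thread: a Python check of the firewall arrangement described in post #80 (port 23 accepted only from known hosts), run against `iptables-save` output. The rule set and the `KNOWN_HOSTS` allowlist are constructed for illustration, and `covers` and `audit_telnet_rules` are hypothetical helper names.

```python
import ipaddress
import shlex

# Constructed iptables-save output (not from the thread); documentation address ranges.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,23 -j ACCEPT
COMMIT
"""
KNOWN_HOSTS = ["192.0.2.10/32", "192.0.2.11/32"]  # hypothetical allowlist

def covers(spec, port):
    """True if an iptables port spec ("23", "20:25", "22,23") includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        if int(lo or 0) <= port <= int(hi or (65535 if sep else lo)):
            return True
    return False

def audit_telnet_rules(ruleset, known_hosts, port=23):
    """List INPUT rules (and policy) that let hosts outside known_hosts open TCP/port."""
    allowed = [ipaddress.ip_network(h) for h in known_hosts]
    findings = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:2] == [":INPUT", "ACCEPT"]:
            findings.append("default INPUT policy is ACCEPT")
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opt.get("-j") != "ACCEPT" or opt.get("-i") == "lo":
            continue
        if "!" in tok:  # negated matches are not interpreted here
            findings.append("negated match, review by hand: " + line)
            continue
        states = opt.get("--state") or opt.get("--ctstate")
        if states and "NEW" not in states.split(","):
            continue  # rule only matches already-established connections
        ports = opt.get("--dport") or opt.get("--dports") or "0:65535"
        if opt.get("-p", "tcp") not in ("tcp", "all") or not covers(ports, port):
            continue
        src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        if not any(src.subnet_of(net) for net in allowed):
            findings.append("tcp/%d open to %s: %s" % (port, src, line))
    return findings
```

On the sample it reports the 198.51.100.0/24 rule and the source-less multiport rule. The check covers who may open a connection to port 23; the session contents are still unencrypted on every network segment between the two hosts.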