Did I give up on telnet too easily?

Discussion in 'Linux Networking' started by Jem Berkes, Sep 21, 2003.

  1. Jem Berkes

    Keith Keller Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    True--so is a usenet posting alleging to contain one's home IP address.
    Why would I trust Alan (or anyone else) not to post someone else's
    IP address?

    Presumably Alan's NNTP-Posting-Host might be his home IP address, though
    I wouldn't count on that, either.

    - --keith

    - --
    -francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAj+ItCoACgkQhVcNCxZ5ID84NQCggQWmIDiB5Zv30lNee6jh7dhm
    FSEAnA//aDq7YEfB6Y1kjHQz8ttij+EG
    =j6+7
    -----END PGP SIGNATURE-----
     
    Keith Keller, Oct 12, 2003
    1. Advertisements

  2. Jem Berkes

    Alan Connor Guest


    If you want me to read your posts, hide the PGP sig.
    Obvious PGP sigs have no place on the Usenet, accomplishing nothing but to
    clutter up your posts for the 99.9% of the people who don't use that software.
    Especially for those of us with newsreaders that don't hide the bulk of
    them. No, I am not getting a new newsreader so that you can ego-trip.
    If it wasn't an ego-trip you would put that info in your headers and
    make a small reference to it in your sig, like people with MANNERS do.
    The Usenet maximum for sigs is 4 lines. Period. That means anything beyond
    the article itself.
     
    Alan Connor, Oct 12, 2003
    1. Advertisements

  3. Jem Berkes

    Michael C. Guest

    I doubt he's that concerned that you read his posts. The sig allows
    people to verify that he did in fact write that. Any Tom, Dick or Alan
    could post as Keith Keller, if you wanted to be sure that he in fact
    posted a script or config file, and not someone with ulterior motives,
    and you aren't knowledgeable enough to follow it - you could verify that
    Keith Keller actually posted it before trusting it.
    You know with your attitude I was 90% sure you used MSOE in spite of
    your talk of security (which I'll let someone with more experience
    educate you on). I was quite surprised when I checked headers and
    saw you were using slrn which CAN hide PGP/GPG signatures.

    "User-Agent: slrn/0.9.7.3 (Linux)"

    There's a small chance I'm wrong, I won't downgrade to find out, but I'm
    using slrn/0.9.7.4 and if I hit ']' PGP sigs disappear.
    Off to check out GPG:)

    Michael C.
     
    Michael C., Oct 12, 2003
  4. Jem Berkes

    Alan Connor Guest

    Killfiled for the stupid, obnoxious, pretentious PGP sig.
    Which violates the spirit, if not the letter of the Netiquette Guidelines.

    Gotta clean the riffraff off the Usenet.
     
    Alan Connor, Oct 12, 2003
  5. Jem Berkes

    Alan Connor Guest

    If you want me to read your posts, hide the PGP sig.
    Obvious PGP sigs have no place on the Usenet, accomplishing nothing but to
    clutter up your posts for the 99.9% of the people who don't use that software.
    Especially for those of us with newsreaders that don't hide the bulk of
    them. No, I am not getting a new newsreader so that you can ego-trip.
    If it wasn't an ego-trip you would put that info in your headers and
    make a small reference to it in your sig, like people with MANNERS do.
    The Usenet limit for sigs is 4 lines. That means anything beyond the
    article itself.

    killfiled for 90 days after receiving the above notice once before.
     
    Alan Connor, Oct 12, 2003
  6. Jem Berkes

    Michael C. Guest

    Funny, I seem to recall saying that you said that.
    Who? I sure hope it wasn't me!

    I've never killfiled anyone for baiting me before. Congrats you're the
    first.

    PLONK!!

    Michael C.
     
    Michael C., Oct 12, 2003
  7. I get to be insulted by any untruths. Full stop. I don't care who you
    are.
    Well, perhaps you'd care to look me up on google then.
    They can. But they don't pass the Turing test. Neither does AC. I do.
    I'm not angry, I just don't like you. I may start to like you if you
    behave nice, but who cares? It's good enough if you speak the truth.
    Why should *I* care? I bitch at you if you say wrong. If you don't like
    it, say right. It's no skin off my nose if you "respect" me or not! Why
    should I give a toss about you and your respect or otherwise! How
    funny! All I care about is the truth, and I don't like to see the truth
    "dissed", and I could not care less whether you like or dislike the
    defense of it.
    Nah, it doesn't. You can lock the login so only one can log in at a
    time (ln .cshrc .nologin || exit 0 in .login). Try again, hip cat.

    And anyway, who cares? The security given by the mechanism I told you
    about is enough for me. No, there are no hackers sitting on the tcp
    lines of the world waiting for me to type my passwd in the clear. Not
    even in mexicanos warez hausen.
    Don't be silly. You'll make yourself out to be a nutter.

    Peter
     
    Peter T. Breuer, Oct 12, 2003
  8. Jem Berkes

    Keith Keller Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    NotDashEscaped: You need GnuPG to verify this message


    Okay--I'll keep using gpg to sign my posts, then! Though I thought you
    already had PGP-signed posts killfiled already, so who knows how you
    were able to read my PGP-signed post in the first place.
    I believe 0.9.7.4 can hide the bottom part of the PGP sig, and 0.9.8.0
    can hide the top and bottom components of the PGP sig. I don't know
    what 0.9.7.3 can do in this regard.

    Wow, there are so many things wrong with that statement it can only be
    intended as humour. I know I'm laughing!

    This is not a rule, but a guideline. It's also a guideline to post
    factually correct articles, but I don't see you abiding to that, Alan.

    I have consciously chosen to break this long-standing usenet guideline,
    fully aware that I may be ignored by some people as a result. (Just be
    glad I don't use the default method of signing, which involves a MIME
    attachment. Ewwwwww.)

    BTW, are we still waiting for Alan to post his home IP address? :)

    --keith

    --
    -francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAj+JussACgkQhVcNCxZ5ID83QwCfTtaeRCq3IED0JAXvKp2VOOAd
    xJQAn3BqW5QEkKWV9yaLw74DRCnDRe2u
    =CvCl
    -----END PGP SIGNATURE-----
     
    Keith Keller, Oct 12, 2003
  9. Jem Berkes

    Alan Connor Guest

    There is simply no reasoning with paranoids: They see demons in every shadow,
    and there is no way to convince them that usually a shadow is just a shadow.

    A wise person keeps an eye on these people too: Most people project what they
    are onto others.

    Thieves think everyone is out to rip them off....

    Crackers think everyone is trying to invade their computer....
     
    Alan Connor, Oct 12, 2003
  10. Jem Berkes

    erik Guest

    And stupid people have no clue and think they know something about
    psychology.

    EJ
     
    erik, Oct 12, 2003
  11. Jem Berkes

    Bit Twister Guest

    I would have assumed Alan posted from home. My place of work would
    terminate me if I had posted a "crack me request" from company
    equipment.

    Now that would be plain stupid. Especially if he nmaps (or somethine
    to that effect) people back as he has indicated.

    I could still see someone try his box, he floods them and they
    get him arrested.

    http://www.capitol.state.tx.us/statutes/pe/pe0003300.html#pe001.33.01
    Read 33.01. Definition (1) "Access"
    33.02. Breach of Computer Security (a)

    http://www.umpqua.cc.or.us/policy/oregon-law.htm
    Read 1 (a) then (4)
     
    Bit Twister, Oct 12, 2003
  12. Jem Berkes

    Alan Connor Guest

    Killfiled for 90 days.
     
    Alan Connor, Oct 12, 2003
  13. Jem Berkes

    Alan Connor Guest

    Looks like I hit a nerve. Guilty conscience?
     
    Alan Connor, Oct 12, 2003
  14. Jem Berkes

    Alan Connor Guest

    Perhaps I was just baiting a trap with candy-coated bullshit, and have
    quite different ways of dealing with would-be crackers.

    Perhaps you'd like to try your luck, Big Mouth?

    No. I do not post from either work or home. That is, these posts cannot
    be traced to either place. By anyone. Even my ISP.

    I wonder, Big Mouth, how you would imagine that anyone would go about
    arresting someone that they couldn't find?

    Have you searched the phone books for "Alan Connor" ? Take a long time
    to investigate every one of them, and no guarantee that this is even
    my real name, is there?

    You DO know that most major ISPs accepts money orders and that acquiring a
    phone under a false name is childsplay? And that they do no
    investigation beyond checking with the phone company to see who the
    phone number is assigned to....(Hell, I don't even know if they do
    THAT.)

    Spammers run roughshod over the ISPs and elude every manner of government
    agency, but Brain Boy here thinks that for some reason *I* can be tracked
    down with ease.

    Oh well, we all need our little fantasies.
     
    Alan Connor, Oct 12, 2003
  15. Jem Berkes

    Alan Connor Guest

    If you or anyone else needs me to give you my IP address, in order to attempt
    to crack my box, then you are WAY out of your league, and I strongly advise
    you to find someone else to play with.

    I mean, you assume that it's a static IP, which is utterly naive.

    It's not. I could tell you what it is going to be at 11 EST tonight, when
    I have a scheduled contact. But my ISP couldn't....
     
    Alan Connor, Oct 12, 2003
  16. I'm afraid we DO need it, because we only know what news host you are
    posting through on the evidence of your posts here, and since that's
    not likely to be your home machine, we would have to crack the news
    server to try and figure out what machine was connecting to it when in
    order to make your posts, and that would be illegal ...
    Nobody assumes that, but telling us what it is at the moment would do
    nicely.
    Oh ho! Playing spymaster again are we :).

    Well, you must be on a dialup, if you are playing those games. A
    standard adsl or cable line would either be static or effectively so,
    since the dhcp assignment would be relatively constant.

    But if you are on a dialup then you're not going to be online most of
    the time for us to hack! Still, it would be considerate of you if
    you could tell us when you are on line and tell us the IP, so we
    can probe it.

    Peter
     
    Peter T. Breuer, Oct 13, 2003
  17. The same applies to you.
    Then how come the majority giving advice recommend ssh? Perhaps because
    the majority thinks ssh is better.
    (then again following the majority isn't always good, the majority prefers
    windows after all)
    And what about a user that takes your advice to use telnet instead of ssh,
    and mistakenly assumes he can forget about it.
    Does using ssh prevent that?


    Is installing and keeping sshd up to date any harder that installing and
    keeping telnetd up to date? I don't think so.

    Then using ssh instead of telnet for traffic over the internet seems like
    a good idea, ssh is no magig bullet, people could still try to log in
    through ssh and brute force your password (as they could with telnet)

    The best would be a combined approach ssh + firewalling off unknown hosts
    + monitoring and beeing ready to pull the plug on suspicious activity.

    What I'm trying to say Alan is that ssh is likely to be more secure than
    any homegrown system of hoops to jump through in order to keep a session
    alive (of course ssh + hoops es going to be even more secure)


    The point I'm trying to make is that there are two choices for the average
    user:

    1: Use telnet but know about the implications of unencrypted
    communications, use one time passwords and use home made security tools.

    2: Use ssh, keep it up to date.

    I think for most people the second alternative will be easier and more
    secure. Your solution may work perfectly for you and may even be secure
    (no way for me to know without looking at it more thouroughly than I'm
    willing to spend time on), but that doesn't mean your solution is suitable
    for everyone.

    regards
     
    Nils Petter Vaskinn, Oct 13, 2003
  18. Jem Berkes

    Keith Keller Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    NotDashEscaped: You need GnuPG to verify this message

    I would have assumed that Alan posted from work, because he's too dumb
    to configure his home networking.
    You see my point! :)
    I can't speak for anyone else, of course, but I have better things to do
    than to try to crack anyone else's boxes but my own.

    --keith

    --
    -francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAj+KyRQACgkQhVcNCxZ5ID+CeQCfSb4cwzIJjMePqwY5cMqKyti/
    YngAmwdI1H/BD/lDdU63lRbyKxqhsnw8
    =DcYt
    -----END PGP SIGNATURE-----
     
    Keith Keller, Oct 13, 2003
  19. Jem Berkes

    Alan Connor Guest

    (you might check out the relevant threads on sci.crypt)
    At last a sensible response from someone on this thread.

    Cheers, Nils.
     
    Alan Connor, Oct 13, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.