[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Port Scanning

To: firewalls@Lists.GNAC.NET
Subject: Re: Port Scanning
From: Haroon Meer <meer2@nu.ac.za>
Date: Tue, 15 Aug 2000 18:18:56 +0200

Mark..

Telnet/ftp (without sum form of tunneling) is "bad" because it passes data in 
clear text, run a sniffer on ur box (which u have root to) and initiate a 
telnet session to / from it. U will be able to collect username/password 
pairs from the sniffed traffic. now try the same with an ssh session...



Haroon Meer
+27 83 786 6637
Meer2@nu.ac.za
 
It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something's not right here...


>>> "Johnston, Mark" <mark.johnston@intec.co.za> 08/15/00 11:03AM >>>
Hi,
I would like to prove to someone that telnet is way bad, in comparison to
ssh when it comes to security.
So what would I need to do to check for telnet/ftp passwords on an internal
server ?

NB : I have root access to the box I'm going to try this on, so NO I'm not
trying to hack someone else's PC.

Thanks
Mark

>>> <<<

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Prev by Date: RE: IP addressing on firewall
Next by Date: RE: IP addressing on firewall
Prev by thread: Re: Port Scanning
Next by thread: Re: Port Scanning
Index(es):
- Date
- Thread