Re: Masquarading on a dialup connection

[Aviram Jenik]

>
> it is the telnet protocol itself that is insecure.

Not the protocol, but the fact that it's clear-text.

> some telnet
> clients and servers did override this problem by moving the authentication
> part into using a more descent method (e.g. kerberos). alas, you cannot
> interoperate them with telnet clients/servers that use the normal
> (RFC-based) telnet protocol.
>
Guess you haven't heard on hijacking. Clear-text authentication is only half
of the problem. But even without knowing the root password, I can easily
hijack a telnet session (or do simple insertion attacks) and viola! I'm
connected as root.

-------------------------
Aviram Jenik

"Addicted to Chaos"

-------------------------
Today's quote:
I am free of all prejudice. I hate everyone equally.
                         - W.C. Fields


=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]