On Tue, May 7, 2013 at 1:20 PM, Derek Balling <dr...@megacity.org> wrote:
>
> On May 7, 2013, at 1:18 PM, Tracy Reed <tr...@ultraviolet.org> wrote:
>> The fact that telnet is insecure in some (now rare) use cases (any time you
>> enter a password)
>> is just one more reason to let it go.
>
> If I type my password in an NC connection is it somehow magically protected?
>
> For its most common daily use-case today ("get me to a specific port on the
> other host") telnet is no more or less secure than nc is.
True.
I'm surprised though that no one has mentioned that telnet is a
command that implements the TELNET protocol which from a quick count
has something like 50? RFCs describing how the base protocol and
optional extensions work. This means that when you use the telnet
command, you aren't getting a pure 8-bit data channel to the remote
TCP port. Now while I have to admit that I can't recall having run
into problems as a result of this, this could at least be a
theoretical problem when dealing with non-European character sets or
"binary" data streams. Given that "nc" is now widely available, it
would seem prudent to use it rather then leaving one open to the
possibility of odd behavior when using telnet. Besides "nc" is 4
characters shorter then "telnet" and based solely on that criteria is
superior. :-)
Bill Bogstad
_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
