Mark..
Telnet/ftp (without sum form of tunneling) is "bad" because it passes data in clear
text, run a sniffer on ur box (which u have root to) and initiate a telnet session to
/ from it. U will be able to collect username/password pairs from the sniffed traffic.
now try the same with an ssh session...
Haroon Meer
+27 83 786 6637
[EMAIL PROTECTED]
It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something's not right here...
>>> "Johnston, Mark" <[EMAIL PROTECTED]> 08/15/00 11:03AM >>>
Hi,
I would like to prove to someone that telnet is way bad, in comparison to
ssh when it comes to security.
So what would I need to do to check for telnet/ftp passwords on an internal
server ?
NB : I have root access to the box I'm going to try this on, so NO I'm not
trying to hack someone else's PC.
Thanks
Mark
>>> <<<
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
