> If you need this on as the norm, please at least use TCP wrappers to > limit from where it can be accessed, and change any used passwords > immediately after reestablishing control.
I think the real insecurity in telnet comes not from buffer-overflows and whatnot, but rather from people sniffing the network and getting your password in a nice convenient program window. Actually, my guess is that the telnet daemon is probably quite secure in terms of remote exploits. Try it sometime on a small temporary network. Start ethereal and the login over telnet to some machine. Right-click on a telnet packet and select "Follow TCP Stream". In the next window, view the stream as ASCII. Hey, look, it's your password. This is what convinced me that telnet is bad. -Andy _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
