> > >> > Do they need telnet or ssh access,
> >> >
> Not telnet shell but this could be triggered with telnet/nc or even nmap,
> hping, or tcpreplay - all of which could send an arbitrary payload to tcp
> or udp ports.
>

For clarity, it's probably best to specify if we're talking about client or server end. The original question was whether telnet or ssh access was required, that is, does the attacker require access to the telnetd or sshd. In GHOST's case the answer is no, but if the attacker does have access and an account, all they need to do is execute a local binary that uses the older gethostbyname function rather than the newer getaddrinfo function, and pass it a long hostname to look up. However, in this case it's considered a local attack.
The attacker's tool of choice (client end) will depend on personal preference and the network service that provides the access for the attack.