> > ssh if you need security. get rid of securetty otherwise :)
> 1) Figure out a valid username
> 2) Crack that user's password
> 3) Then crack the root password
>
> With root telnet enabled you've lost the protection of the first 2
> steps.
Well, securetty is still pretty much useless. It isn't necessary
for the cracker to get a user login and then break root passwd. s/he can
as well just sniff the n/w, to look for telnet packets containing the "su"
command and the subsequent transactions to crack the root password.
Only thing the securetty does is that it makes the cracker write
some what more elaborate ruleset to zero in on the "su" command, instead
of just plain banal telnet handshake packets..
Regards,
Kedar.
----------------------------------------------------------------
Kedar N. Patankar.
Senior Software Engineer.
ishoni Networks
...Broadband for everyone
http://www.ishoni.com
email - [EMAIL PROTECTED]
Phone: +91-80-2292125 (Work)
Fax: +91-80-2995545 (Work)
----------------------------------------------------------------
Don't worry over what other people are thinking about you.
They're too busy worrying over what you are thinking about them.
-----------------------------------------------------------------------
For more information on the LIH mailing list see:
http://lists.linux-india.org/lists/LIH
