[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: Re: Re: open telnet port
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Re: Re: Re: open telnet port
- From: Dave Ewart <Dave.Ewart@xxxxxxxxxxxxx>
- Date: Thu, 9 Sep 2004 16:12:31 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday, 09.09.2004 at 10:47 -0400, Kenneth Ng wrote:
> You really should not need this as the norm. I do this when I'm
> working on the ssh daemons, but thats about the only time. What I do
> is I enable it on a screwball port number, then use tcp wrappers to
> only allow access from my ip address and change the root password
> before I begin. In that way the opening is there while I may need it,
> and if I use the temporary root password, it won't do them much good
> unless they compromise the host I'm coming from. Afterwards I disable
> the service and change the root password back.
>
> If you need this on as the norm, please at least use TCP wrappers to
> limit from where it can be accessed, and change any used passwords
> immediately after reestablishing control.
Or, alternatively just use another SSH daemon or a different port and
not have to faff around with exposing passwords in the first place :-)
Dave.
- --
Dave Ewart
Dave.Ewart@xxxxxxxxxxxxx
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBQHLfbpQs/WlN43ARAuacAJoDuWWfOcfxc+eo20Xzs3gI1OZpWwCeLbZs
NcGTEVhQy57dN/4yvuIN3R4=
=5H6S
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html