[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Re: Re: Re: open telnet port
- To: Andrew Farmer <andfarm@xxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Re: Re: Re: open telnet port
- From: "Gary E. Miller" <gem@xxxxxxxxxx>
- Date: Fri, 10 Sep 2004 23:43:09 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yo Andrew!
On Fri, 10 Sep 2004, Andrew Farmer wrote:
> Still don't know why you'd use these instead of ssh/sftp, though.
As noted here earlier, if you update OpenSSL you stand a good chance
of dropping ALL your ssh conections until you install a matching
ssh update. Most sshd will not start if the openssl libs on the
disk are not the same exact version it was compiled with.
When I am updateing hosts hundreds or thousands of miles away in
an unattended facility I can not take chances on a fatal mistake
during an update. A backdoor telnet has saved my butt many times.
Also seen cases where a trojaned sshd was installed on the target
machine, but it would not run due to configuration issues. Having
a backdoor telnet means the system is back up in 5 minutes of
remote twiddling instead of dispatching someone to a remote co-lo.
Gotta keep the single points of failure to a minimum.
RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@xxxxxxxxxx Tel:+1(541)382-8588 Fax: +1(541)382-8676
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBQp5/8KZibdeR3qURAsJkAJ9GkiouGrOaOZGdVV3IWZGHWZwisQCfYWKw
Y2AkZ5AhztSUzO5D8j4cUAM=
=OrJe
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html