[40010] in North American Network Operators' Group


Re: telnet vs ssh on Core equipment , looking for reasons why ?

daemon@ATHENA.MIT.EDU (fingers)
Tue Jul 31 10:03:44 2001

Date: Tue, 31 Jul 2001 15:56:08 +0200 (SAST)
From: fingers <fingers@fingers.co.za>
To: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>
Cc: "Mr. James W. Laferriere" <babydr@baby-dragons.com>,
	<nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.21.0107311448150.23776-100000@staff.opaltelecom.net>
Message-ID: <20010731155409.J6051-100000@snow.fingers.co.za>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


Hi

> true, but i would point out that if it's your core equipment that you are
> accessing from your network that sits directly on the core then you should
> be happy with the fact that no one is eavesdropping and it makes no
> difference.

not everyone has out-of-band networks for management. Management of
devices is sometimes done thousands of miles away. Remember also that this
traffic can be sniffed before it gets to the core (yes, ssh is sniffable
as well, but just not as easily, and at least it's not in plaintext)

> so that's my main logic, authentication... i can't understand the big
> paranoia on people sniffing tho!

unfortunately ssh is just as sniffable if it's an arp spoof, but hopefully
it's not as easy for the naughty eavesdropper to get into the right
position for that....

--Rob

