[40022] in North American Network Operators' Group


Re: telnet vs ssh on Core equipment , looking for reasons why ?

daemon@ATHENA.MIT.EDU (Bob K)
Tue Jul 31 10:57:26 2001

Date: Tue, 31 Jul 2001 10:51:16 -0400 (EDT)
From: Bob K <melange@yip.org>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0107311518310.23776-100000@staff.opaltelecom.net>
Message-ID: <Pine.BSF.4.21.0107311034570.57568-100000@pi.yip.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, 31 Jul 2001, Stephen J. Wilcox wrote:

> > But who said I am not on your network ?  What if I penetrated your AAA
> > server, or, some other server on your network ?
> 
> well you're not. and if you were, i'm pretty well screwed! although having said
> that, my network doesn't allow you to hop between machines.. but maybe you
> compromised my security? okay, i'm screwed again!

Security is generally not an all-or-nothing game.  Most script kiddies
have enough skill to run a prefab'd exploit on your IIS server; some have
enough skill to inject trojan ARP entries and use tcpdump; but far fewer
have the ability to decrypt ssh packets (although new tools are making
this easier).  In cases where ssh is an option, why not use it?

-- 
Bob <melange@yip.org> | Yes.  I know.  That is, indeed, *not* mayonnaise.


