[40056] in North American Network Operators' Group
Re: telnet vs ssh on Core equipment , looking for reasons why ?
daemon@ATHENA.MIT.EDU (Alex Bligh)
Tue Jul 31 17:39:03 2001
Date: Tue, 31 Jul 2001 22:38:31 +0100
From: Alex Bligh <alex@alex.org.uk>
Reply-To: Alex Bligh <alex@alex.org.uk>
To: Randy Bush <randy@psg.com>,
"Stephen J. Wilcox" <steve@opaltelecom.co.uk>
Cc: nanog@nanog.org, Alex Bligh <alex@alex.org.uk>
Message-ID: <175631740.996619110@[169.254.158.149]>
In-Reply-To: <E15Rb3n-000Lin-00@rip.psg.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Errors-To: owner-nanog-outgoing@merit.edu
Randy Bush wrote:
> this is based on the fantasy that nobody inside is rotten. this is
> amusing at best, considering how much damage is done by inside jobs.
esp. if you count that part of the damage that is not
deliberately malicious (a.k.a. 'I was only trying to help').
Sources will relate over beer an interesting real-time
full-sirens-and-lights attempt to trace and close down a hacker
running all sorts of snoop programs etc. who turned out to be
an employee 'only trying to help'. Also no ends of restrictions
on ACLs etc. are put there by people 'only trying to help',
people who don't understand RCS editing RCS controlled files
via su and laying a booby trap for someone later on, etc. etc.
Perhaps this wasn't the 'rotten' / 'inside job' you meant, but
its >10 times more common, and >>10 times more dangerous.
--
Alex Bligh
Personal Capacity
