[72787] in North American Network Operators' Group
Re: 2511 line break
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Mon Jul 26 17:52:52 2004
Date: Mon, 26 Jul 2004 22:52:14 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Randy Bush <randy@psg.com>
Cc: Valdis.Kletnieks@vt.edu, "Robert E. Seastrom" <rs@seastrom.com>,
<nanog@nanog.org>
In-Reply-To: <16645.31309.378762.811970@roam.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 26 Jul 2004, Randy Bush wrote:
> > whats the difference between telnet from a directly connected host and a
> > serial line?
>
> if the 'directly connected host' is on multi-point medium, then it
> is subject to sniff attacks
I realised that but you can 'sniff' a serial line if you physically tap it,
you're saying you can setup a span port much easier as its software tho right?
but that requires you to have compromised the switch and an attached server,
that in itself should be throwing up some alarms - rancid, tripwire etc?
it would be easier to hack the host directly and install a keylogger, only one
hack to do that way and you can grab any passwds from telnet or ssh sessions
Steve
