Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] buffer overflow in telnetd
  • From: dirk janssen <dirkj@xxxxxxxxxxxxxxxxx>
  • Date: Wed, 25 Jul 2001 14:25:34 +0200 (CEST)
  • Message-id: <Pine.LNX.4.30.0107251421550.9761-100000@xxxxxxxxxxxxxxxxxxxxxxxxxx>


On Wed, 25 Jul 2001, Markus Gaugusch wrote:

> Nobody should be running telnetd today, this can't be said often enough
> ... (sadly, it has to :(
> There are even free windows clients (teraterm pro, putty, ...), and you
> should also shut down ftp (and use scp/sftp instead).

well, I agree, but I have some win 3.1 machines here... AFAIK no ssh for
them available, so I sometimes switch on my rcinetd. I have setup my
hosts.allow such that only a handfull of hosts can access telnet, and it
has a one time password system. Any thoughts on the safety of doing this?

Dirk

PS the machines involved are all on my side of a university gateway, but I
am not sure how much protection that gives. I haven't tried to spoof IP
addresses through it, for that matter.



< Previous Next >
References