Regarding root access to telnet
Allen K. Smith
lazlor at bigboy.lotaris.org
Wed Feb 22 18:41:12 UTC 2006
On Wednesday 22 February 2006 10:26, Gavin McDonald wrote:
> agreed,
>
> For proof, just run a sniffer on the network segment as you login as root,
> you will see, in plaintext, your root password. (and any smtp passwords
> from mail clients, but that's a different problem... ;)
>
> Regards,
>
> Gavin McDonald
> ========================
> EVI Logistic Enterprises
> email: me at gavitron.com
> phone: (604) 313-3845
>
>
And since there are easy to use tools to fool switches into letting you impersonate any host connected to that switch, a switch won't protect you from this kind of thing (or provide any security really).
mumble-mumble, poof. Now my workstation is the router for this network and I see all your plaintext passwords. Cackle. With a good IDS/switch management sw and someone watching logs, you might catch the bad person doing this.
-Allen
More information about the redhat-list
mailing list