Subject: Re: automatic login
To: None <netbsd-users@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: netbsd-users
Date: 07/04/2002 15:02:58
> Password-sniffing was obviously possible

Many years ago someone where I worked wrote a program that filtered
the promiscuous output of an ethernet card looking for (the equivalent
of, since we weren't running TCP) a SYN packet to the telnet server
and the first data bytes in the same direction.  When two lines
of data had been received the output was displayed (no need to look
for responses).
What we got was usernames and passwords scrolling up the screen
(1 every second or so), 80% of which were for root.

Needless to say the source of the program (written to see if we'd
got promiscuous mode working properly) was quickly deleted.

Of course these days network sniffing software is MUCH more common.

OTOH if I get my Sun 3/60 working, ssh is a little OTT for it.
rlogin (with .rhosts) requires DNS spoofing - generally tougher
than network sniffing.

	David

-- 
David Laight: david@l8s.co.uk