Subject: Re: inetd.conf defaults
To: None <tech-net@netbsd.org>
From: Erik Fair <fair@clock.org>
List: tech-net
Date: 05/28/2000 00:25:49
At 23:26 -0700 5/27/00, Hal Murray wrote:
>I think a web page discussing the issues would be more valuable.
>Does one exist already? (I don't remember finding one, but I haven't
>looked carefully recently.)
http://www.clock.org/~fair/opinion/ip-address-trust.html
At 23:57 -0700 5/27/00, Greg A. Woods wrote:
>[passwords in the clear suck; turn off telnetd and ftpd too]
All these protocols suck unless you have IP security in transport
mode using ESP (AH is not sufficient). However, for telnet and ftp,
at least you have to give a password. The rhosts mechanism is totally
insecure in its current incarnation. We could reasonably turn it on
again if a hook to test for IPsec/ESP was added as a requirement to
accept authentication.
>In fact given the availability of sniffing tools it's actually a lot
>"safer" to use rsh, rcp, and rlogin internally with ~/.rhosts than it is
>to use telnet and ftp. Your local colleagues are less likely to play
>ARP and TCP spoofing games than they are to just sniff for your
>password (or any other password you may type! ;-).
False. All an attacker has to do to get in via r* is prevent your
host from transmitting anything (i.e. crash it or muzzle it with a
DoS), and then pretend to be you! This is how Kevin Mitnick attacked
Tsutomu Shimomura's machines, totally remotely. No password sniffing
or physical access required. (OK, there was some TCP sequence number
guessing in there too).
>BTW, that reminds me: What do people who don't 100% trust their local
>network neighbours do when they only have an X11 terminal on their desk
>and they need to type a sensitive password (eg. typing the root password
>to "su" through an xterm process running on a local server)?
That's easy - replace all your 10base-T hubs (and thinnet) with
switches. Can't sniff what you can't see. 8-port 10/100 FDX switches
are around $100 now.
Erik <fair@clock.org>