Lots of telnet sessions
George Toft
plug-discuss@lists.plug.phoenix.az.us
Mon, 22 Apr 2002 19:36:18 -0400
Matt Alexander wrote:
>
> On 22 Apr 2002, Bill Warner wrote:
>
> > ps...for the security concerned about telnet running this is all on a
> > firewalled lan. the off site connection is a dedicated t1. These
> > systems don't send any traffic over the Internet directly. Although not
> > great for keeping out inside hackers we are pretty secure from the
> > Internet.
>
> As long as the internal network is on switches, you shouldn't have too
> much to worry about.
> ~M
Check out:
http://rr.sans.org/switchednet/switch_security.php
Contrary to popular belief, it is very possible to sniff the network when
you're on a
switch. So even if you change the administrator password(s) and the SNMP
community
strings, you may still be vulnerable to switch hijacking. The easiest way to
sniff a
switched network is to use a tool called ``dsniff'' which tricks the switch
into sending
packets destined to other systems to the sniffer. [4] Dsniff not only captures
packets
on switched networks, but also has the functionality to automatically decode
passwords
from insecure protocols like telnet, HTTP, and SNMP, which are commonly used
to manage
switches.