Telnet Security Problem?

[JACKHAMMER]

My ISP has always had shell access (through telnet or SSH). They have just recently dropped telnet access and now only SSH is allowed. Which royally pisses me offf b/c every PC has telnet, not SSH. They sighted security reasons fo doing so. I believe it is becasue telnet sends user/pass as plain text. Anybody have any info on this?????

 

[Emulex]

Due to a recent *bsd telnetd root exploit (i have the exploit, pretty sophisticated), I had to remove telnetd on all my boxens' at work.

Besides, telnet is archaic. Its clear-text password transmission, anyone sniffing can easily see your login/pw and further transmissions.

SSH is the responsible way to telnet it. Putty is a free ssh client for windows and 10x better than telnet. Its 100% free, just get it and use it .

 

[perry]

Yea, telnet sends everything as plain text. If you have three computers in a little local network on a hub telnet from one to the other and run a network sniffer on the third. You can watch the user/pass go right on through, and bingo -- you're in.

 

[goldboyd]

Here's the description of the newly found exploit Emulex mentioned.
ftp2.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc

And here's a link to Putty's homepage. http://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a great program, and you can't beat it for the price. Although I prefer SecureCRT, putty is a great, quick download when I'm sitting at a machien without it.

 

[Soybomb]

SSH is the standard in the unix world, windows people are just used to telnet and not ssh because ms is too boneheaded to include a ssh client. Its a major pain in the ass, but your isp is right, its for the best. Clear text passwords and plenty of exploits make ssh a way better choice.