newbie question, telnet on local network vs ssh & security

Post by Joe Fredrickso » Sat, 27 Jul 2002 21:44:43



USE ssh! (Irrespective)

If you don't have an adequate firewall running on both machines
or between them and the Internet, then if someone wants to read
your passwords they can hack into your PCs and do so....

To answer your other q...
No, the packets stay inside your LAN, they don't visit the 'net'
for any part of the journey...

cheerio

 
 
 

Post by Mark Newb » Sat, 27 Jul 2002 22:24:01



> I just set up my first Linux box (yay!) at home. Both it and the "main
> computer" (a Windows box) are plugged into a hub, which is plugged
> into a cable modem.

> I noticed telnetd is disabled on the linux distro; is it 100% safe for
> me to re-enable it? I will be connecting from the Windows box to the
> Linux box at home, never from a remote location.

> Am I right in assuming there is no way anyone could possibly read the
> cleartext passwords, etc, over the telnet session, since both
> computers are sitting here together in my bedroom, on the same cable
> modem?

> Or am I wrong, and the packets *DO* go "out to the internet" for some
> reason, despite being 2 feet away? (I really doubt it works this way,
> but I'm a newbie and I want to make sure!)

> (I realize that if someone plugged a 3rd computer into the hub they
> could look at the traffic.. But that won't happen...)

> I know it would be simple to just use SSH but this is more of a
> "theory" question...

> Thanks!

sounds like you need to get yourself a firewall.  your linux box could
act as a firewall and router for your windows box, eg:

  Internet
     |
     |
   modem
     |
     |
  firewall (can be your Linux desktop, but better separate)
     |
     |
  windows (uses `firewall' as gateway (default route))

you can pick up a second hand P133 or similar for next to nothing and
install a firewall distro like <http://www.smoothwall.org/> (which
installs & configures in about 5mins!).  failing that, have firewall be
your desktop linux box and use a firewall builder like Firestarter, or
create your own firewall script (much harder, lots of reading).

as for telnet, if you use the above setup, there's not much risk
(nothing's completely secure) in running telnet between firewall &
windows, or vice versa, as nobody on the Internet can see this traffic.
However, if you haven't got a firewall in place, then it's child's
play to crack either firewall or windows and sniff this traffic, etc.

to be safest, always use ssh as Joe suggests -- it works just like telnet
and there are Windows SSH clients out there for free (PuTTY, etc).  but
bear in mind every single bit of s/w on whatever box is connected to the
Internet (eg `firewall' in above diag) needs to be kept bang up to date
-- even SSH has had security holes discovered & patched these last few
weeks.

mark
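
The gateway layout in the diagram above, written out as a packet-filter ruleset (an added example, not part of the original post). The interface names `eth0`/`eth1` and the LAN range `192.168.1.0/24` are assumptions; the function prints iptables-restore input with a default-deny policy and accepts telnet and ssh to the gateway from the LAN side only.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the "firewall" box
# in the diagram. All interface names and addresses are assumed values.

gen_gateway_rules() {
    wan_if="$1"    # interface facing the cable modem (assumed name)
    lan_if="$2"    # interface facing the Windows box (assumed name)
    lan_net="$3"   # LAN address range (assumed)
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN hosts share the single public address
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
*filter
# default deny: anything not matched below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh (22) and telnet (23) to the gateway: LAN side only, never the modem side
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 23 -j ACCEPT
# LAN may open connections outward; only replies are let back in
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the given (or assumed default) interfaces.
gen_gateway_rules "${1:-eth0}" "${2:-eth1}" "${3:-192.168.1.0/24}"
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.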

 
 
 

Post by Edward Ned Harve » Sat, 27 Jul 2002 22:25:38



> USE ssh! (Irrespective)

> If you don't have an adequate firewall running on both machines
> or between them and the Internet, then if someone wants to read
> your passwords they can hack into your PCs and do so....

> To answer your other q...
> No, the packets stay inside your LAN, they don't visit the 'net'
> for any part of the journey...

> cheerio

This is true, but it will never happen.  Someone hacking through your cable
modem into your home network, that only has 2 computers....

You're safe, don't worry about them.

 
 
 

Post by 60f27195bc690.. » Sat, 27 Jul 2002 23:30:06


|Ok, I hear that a lot - but why?
|Really, if everything is up to date (latest windows patches, same for
|linux) then why would I (or anyone) need a firewall?
|I've never really understood what they're for...

Several reasons. Here are a few:

1. You may not be able to patch a service in time when a hole is
discovered.  Say you run Apache on the LAN. However for some reason or
other you didn't restrict the clients to your local network, or there's
an exploit that will work even with that restriction in place. Until
that service is patched, you are vulnerable, even if you intended the
service for the LAN. Another hole being exploited now is the MSSQL hole
at port 1433. Not to forget the IIS http hole. With a firewall, you
improve the chances and gain a bit of time (which can be a lot of time
if your vendor, not necessarily a Linux vendor, is not forthcoming with
fixes) provided you don't portforward the service from the outside.

2. You test services but sometimes misconfigure them, leaving them
exposed. A firewall cuts you a bit of slack.

3. With a firewall you prevent noisy services from leaking information
to the outside. I sometimes see Netbios over IP broadcast packets on my
ISP's cable because some silly * has connected their cable modem to
their hub directly.

4. You can reduce the effectiveness of viruses that call home by
allowing clients to connect only to known services.

5. A firewall/gateway allows you to keep a bunch of clients connected to
the Internet even if your main server goes down.

6. If you are running a shared site, you can control what other machines
offer to the Internet with a firewall. E.g. you probably don't want
schoolkids to run P2P servers on school desktops. You can measure and
shape the traffic to clients.

|Same question.. Is it really that bad? If I've got the latest patches
|installed, then there's really nothing anyone can do, except try to
|guess my password, correct?

Wrong, many exploits don't depend on passwords being cracked but on bugs
in the code.

 
 
 

Post by 5893c3f46d827.. » Sun, 28 Jul 2002 09:01:16


|While messing around with Ethereal, I recently discovered that
|Quicken, a program I've been using for the last year, runs something
|in the background 24/7 that randomly sends small encrypted chunks of
|data to Intuit's site. There is no option to disable it in Quicken,
|and if you remove the Windows registry settings, Quicken puts them
|back next time you run it.
|
|...
|
|So, yeah.. What the hell is it doing? I don't know. Would a firewall
|have stopped it? It was using port 80 if IIRC. How would a firewall
|know that this DLL is not supposed to connect to the internet, but
|iexplore.exe can?

If you really want to stop it you can block packets to the IP address of
the Intuit site. You'd have to devise something more sophisticated if
you also browse their site now and then, like authentication via user
ID.  But who knows, they may disable some functionality if you don't
contact them every so often. You're basically at their mercy.

 
 
 

Post by Mark Newb » Thu, 01 Aug 2002 20:10:45


> True, true.
> All very good reasons...

especially if you're running Windows behind an Internet connection
w/out any kind of firewall in place.  From what I've seen on the
security lists, etc Microsoft takes a heck of a long time to provide
fixes/patches to security holes/bugs.

some people think that home users just aren't at risk and say things
like "what would a cracker want with my silly little computer that has
nothing but MP3s and pictures of my holiday on it?".  there are many myths
and misconceptions like this that have their roots buried in the past.
The Internet is constantly changing and growing and we need to change
our views and approaches to things like security w/ these changes.

I've recently written a magazine article on Internet security, which
showed the number of security incidents increasing at the same rate as
the increase in the overall size (hosts count) of the Internet --and
that's like an exponential curve!

crackers normally want to use home users' computers as a launch pad to
carry out more interesting activities like DDoSs.  most of the time
users are completely unaware they've been cracked, as the crackers are
extremely clever and their tools hide the existence of their actions or
installed programs.

> While messing around with Ethereal, I recently discovered that
> Quicken, a program I've been using for the last year, runs something
> in the background 24/7 that randomly sends small encrypted chunks of
> data to Intuit's site. There is no option to disable it in Quicken,
> and if you remove the Windows registry settings, Quicken puts them
> back next time you run it.

> It's not listed anywhere as "spyware", Adaware does not catch it.

> It supposedly "makes sure you have the latest updates" and that's all
> I can find out about it through a google search.

> So, yeah.. What the hell is it doing? I don't know. Would a firewall
> have stopped it? It was using port 80 if IIRC. How would a firewall
> know that this DLL is not supposed to connect to the internet, but
> iexplore.exe can?

> Honestly, I don't care. I still use Quicken! They win. As long as I
> run windows, there's no way I can know what the software I install on
> my own computer is doing. Even if I ran Linux as my desktop, I'd have
> to rely on someone brighter than myself (and with much more free time)
> to look at the source code of everything that comes with the typical
> Linux distro, and audit it.

that's not necessarily a security issue, although a `personal firewall'
product like ZoneAlarm (use google to find it) for Windows allows this
fine grained control of what programs can do what.  I suggest - as a
minimum - you install this program.

the harsh fact in this day and age is: if you've got an Internet
connection, you need a firewall.  end of story :)

don't think you're not at risk.  you are!

good luck
mark

 
 
 

Post by Mark Newb » Thu, 01 Aug 2002 20:22:23


>>USE ssh! (Irrespective)

>>If you don't have an adequate firewall running on both machines
>>or between them and the Internet, then if someone wants to read
>>your passwords they can hack into your PCs and do so....

>>To answer your other q...
>>No, the packets stay inside your LAN, they don't visit the 'net'
>>for any part of the journey...

> This is true, but it will never happen.  Someone hacking through your cable
> modem into your home network, that only has 2 computers....

> You're safe, don't worry about them.

are you sure you're qualified enough to make these statements and to
give an Internet user such advice?

how, pray, can a Windows PC connected directly to the Internet through a
modem be ``safe''?  Who's to say that he's not already been cracked?
...how could you tell?

It's this type of attitude that compounds the problem and makes hard
work for the security industry.

I'm hoping the recipients of this e-mail won't be naive enough to
believe you.  long gone are the days when home users were [relatively] safe.

some people even believe that just because they've not heard of a home
user being cracked into (not `hacked'!), then they're safe!  Crazy.

mark

 
 
 
