Kind of sad

Kind of sad that the state govs don't curtail telnet,

[root@bighughness ~]# telnet 167.240.254.155 623
Trying 167.240.254.155...
Connected to external-dns1.state.mi.us (167.240.254.155).
Escape character is '^]'.
Username:root
Password:

Generally speaking it's a bad idea to show you hacking into a server. Makes
it too easy to prosecute those who do.

That's a far, far cry from hacking...

Maybe in your opinion, but not the opinion of the very same people who
were stupid enough to keep telnet open. ...and those same people have
armies with guns. So my opinion and your opinion don't really matter.
:wink:

-A

Aaron C. de Bruyn wrote:

Hopefully a honeypot / synthetic response from an IPS unit....

Generally speaking it's best you do what you're good at and this is not it.

Exposing there is a window open to a gov agency is not hacking, trust me. I
would say go back to fathering children and once you have a few more years
under your belt feel free to join in.

Ha ya know what they say... Don't ever trust someone that says "trust me..."

Is there a vulnerability in telnet to be exploited? If not it might be on
purpose. I know of switching gear that is publicly accessible via telnet.

telnet does not of itself encrypt anything. If you log in somewhere via
telnet, everything that passes between you and the remote end is passing
in clear text. That is true for all data sent to you or from you during
the whole session, but especially for the username and password you may
have used to log in with.

Unless you have secured the channel by some other means (an encrypted
tunnel, for example) or you own and control and can vouch for every
piece of the infrastructure between you and the remote end, using telnet
is just about the most insecure thing you can do short of mailing stuff
to yourself on postcards.

Someone who puts a real switch doing real work on the Internet with
working telnet access is asking to have at least the switch compromised
very quickly. A plaything, a honeypot, or a teaching tool - maybe.
Anything else, probably a bad idea. Remember that if I own your switch,
I own all the data sent to or from any system connected to that
switch...

Regards, K.

Remember that CFAA has a very vague definition of "unauthorized computer
access".

I agree with you 100 percent. But my point is, Telnet in and of itself
isn't broken. Not that I would want to leave it open to the world. He.net
has a router you can log into over telnet with no auth. Forgot URL but you
can find it on their site.

Found it.

telnet://route-server.he.net

How so? Assuming that you're using password auth, the real vulnerability is somebody figuring out the
password and owning the box. SSH certainly helps here immensely with rsa auth, but only if you use it.

An active MITM attack or passive snooping on telnet streams seems like it would be orders of magnitude less
dangerous on a list of threats. SSH is definitely a Good Thing, but it's not a silver bullet.

Mike

There are thousands of devices out there with vulns that'd make you feel
sick to the stomach. You can be a good samaritan and alert the appropriate
contacts, but simply bringing it into public doesn't really fix the issue.

> Someone who puts a real switch doing real work on the Internet with
> working telnet access is asking to have at least the switch
> compromised very quickly.

> How so? Assuming that you're using password auth, the real
> vulnerability is somebody figuring out the password and owning the
> box. SSH certainly helps here immensely with rsa auth, but only if you
> use it.

Well - yes. That's sort of my point. If you are going to send a password
over a network, make sure it's encrypted. Telnet isn't encrypted.

> An active MITM attack or passive snooping on telnet streams seems like
> it would be orders of magnitude less dangerous on a list of threats.
> SSH is definitely a Good Thing, but it's not a silver bullet.

I didn't say it was. I just said that sending passwords in clear text
over the network is a very bad idea. Telnet does that, so using telnet
is a very bad idea. Use ssh, and the problem is gone. There are other
ways to make the problem disappear, and obviously neither they nor ssh
will protect you if you do any of a dozen other silly things.

Don't use telnet access for management of anything valuable unless you
own every inch of the path from you to it, or unless you can encrypt the
channel via other means.

Regards, K.
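
The point made in the two messages above, that a telnet session carries its login exchange in clear text, shown from the monitoring side as an added example that is not part of the original thread: a sensor strips the RFC 854 option negotiation from a server-to-client stream and flags sessions that prompt for credentials, so such devices can be found and moved to SSH. The function names are hypothetical and the sample bytes are constructed.

```python
import re

IAC, SE, SB = 0xFF, 0xF0, 0xFA
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove RFC 854 IAC command sequences, leaving the application text."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:
            break  # truncated IAC at the end of the capture
        elif data[i + 1] == IAC:
            out.append(IAC)  # escaped literal 0xFF
            i += 2
        elif data[i + 1] in (WILL, WONT, DO, DONT):
            i += 3  # IAC + verb + option code
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end == -1 else end + 2  # skip the subnegotiation
        else:
            i += 2  # two-byte command such as NOP or GA
    return bytes(out)

# Prompts a cleartext login service typically sends (assumed pattern list).
PROMPT = re.compile(rb"(login|username|password)\s*:", re.IGNORECASE)

def audit_server_stream(server_bytes: bytes) -> dict:
    """Flag a server-to-client stream that asks for credentials unencrypted."""
    text = strip_telnet_negotiation(server_bytes)
    prompts = [m.group(1).decode().lower() for m in PROMPT.finditer(text)]
    return {"cleartext_bytes": len(text), "prompts": prompts,
            "exposes_credentials": "password" in prompts}

# Constructed sample: option negotiation, then the prompts shown in the thread.
SAMPLE = (bytes([IAC, DO, 24, IAC, WILL, 1, IAC, SB, 24, 1, IAC, SE])
          + b"Username:" + b"\r\n" + b"Password:")

if __name__ == "__main__":
    print(audit_server_stream(SAMPLE))
```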

And you, sir, should consult a lawyer before publicly slinging insults.

I'm not a lawyer, but I have worked with one in this area. What you have
posted *is* evidence of a crime under the Computer and Fraud Abuse Act.
The wording of that law is horrible, but it is what it is; the bar for
"unauthorized access" is *very* low. How you found it is irrelevant.
You connected to it -- knowing full well you are not authorized --
and proceeded to attempt to login, even if in jest.

(Government agencies have zero sense of humor. And judges have next to
no understanding of technology. Merely being charged can be a career
killer.)

As an ex-admin I completely--we took action for such things.

My understanding is that you can get a nasty lead overdose for standing next to a car with a Slim Jim, or trying doors to houses and warehouses to see if they are locked.