[oclug] TCP Wrapper problem
tburns at ualberta.ca
Wed Aug 8 10:15:14 EDT 2001
On Wed, 8 Aug 2001, Bart Trojanowski wrote:
> I find that having mindterm set up is a great alternative to telnet. This
> is true only if the client has a JVM (java virtual machine) in their
> web browser.
> 'mindterm' is a java applet that implements ssh. You place it in some
> non-advertised location on your webserver and when you connect there from
> the outside you get to log in using ssh. Mindterm, if not purchased,
> only allows you to log in to the host it runs on. But if you purchase it
> you can connect to a 3rd host.
That's interesting. I thought that went counter to the security model in
place for Java. A Java application, of course, can connect to anywhere,
but an embedded applet, AFAIK, _ought_ to be restricted to the site it
comes from, to prevent nasty stuff (like sending your _unencrypted_ ssh
data to a 3rd party server, just for some 133t d00dz pleasure).
> When you are using someone else's box you can never be sure that the ssh
> binary was not compromised to save your password in some file. It is
> much less trivial to compromise Netscape's JVM than it is to compromise
But is it trivial to intercept an HTTP transfer? Yo! Hence the above
restriction on IP connections. (doesn't fix, but helps)
> * Curtis Ireland <cireland at solidum.com> [010808 09:59]:
> > Sometimes, telnetd is a necessary evil. Sometimes, the workstation you are
> > on does not have an SSH client, nor can you install one. For instance,
> > connecting from Algonquin College can only be done through Telnet.
> > I admit, if I had my way, the telnetd package would be left in a deep,
> > dark, dusty hole. Unfortunately, I need it. Instead, I have a second,
> > permission stripped account.
> > -C
> > At 09:22 AM 2001/08/08 -0400, Raymond Wood wrote:
> > >On 8 Aug 2001, at 3:02, Dave Lewis wrote:
> > >
> > > > I can't seem to get my wrapper configuration right.. I want it to display a
> > > > message on the screen of someone who
> > > > telnets in or at least tries to telnet in to my machine, as well as send
> > > > an email to a specified user of their attempt
> > >
> > >Just kill telnetd altogether - it's evil, so uninstall it.
> > >
> > >Then get OpenSSH (client and server) to replace it.
> > >
> > >My $0.02,
> > >Raymond
> > >--
> > >"Freedom is no longer available for free."
> > > (recent 'newspeak' from ZeroKnowledge Systems)
> > >_______________________________________________
> > >oclug mailing list
> > >oclug at lists.oclug.on.ca
> > >http://www.oclug.on.ca/mailman/listinfo/oclug
> > --
> > Curtis Ireland - cireland at solidum.com
> > Solidum Systems - http://www.solidum.com
> > (T) (613)724-6004 x284 - (F) (613)724-6008
> WebSig: http://www.jukie.net/~bart/sig/
Heaven doesn't want me and hell is afraid I'll take over.