Re: Who in the world is still using telnet? 24 February 2009 05:58
Tin Can Phone wrote on 17 February 2009 09:12
> Is there any good reason to use telnet to access a remote machine these
> days?
Yep - but only in particular situations, typically where no risk
exists and/or it's just not possible (cost, time, resources) to use
something else, maybe both.
e.g.:
1. you've got a $20M mainframe in a highly secured location/data
centre that doesn't support anything else (like ssh), changing it
will cost a fortune, and there's no risk as telnet is enabled only
for VPN connections by admins carrying multiple factor auth
(typically tokens) from an SOE-secured laptop.
2. you've got a large network (which cost you a *lot* to implement
and has a large amount of legacy equipment that cannot be updated
overnight) consisting of devices that themselves do not support
anything other than telnet - most routers and switches used to be
this way - purchasing ssh support for Cisco used to cost a fair bit,
but telnet was free out of the box IIRC...
Using telnet is only a problem if there is a risk associated with
its use - otherwise, no risk = no problem, so in cases where it
would cost a small fortune to change it, then KISS principle applies.
Often it's easier (cost, time) to wrap the problem than to solve it
outright - like using a VPN in the eg above, or SSH'ing to a box next
to the telnet-only device, and then telneting across a short link
internally.
All this said, the topic is about FreeBSD in this case which (I
agree) has no need to ever have telnetd enabled since sshd became the
default.