[NTLUG:Discuss] Strange iptables problem on CentOS 4.4

steve sjbaker1 at airmail.net
Mon Feb 19 07:38:02 CST 2007


Daniel wrote:

> Okay you're just stating more of the same as everyone else but you're 
> leaving out the details like "how."  Yes, telnet is a plain-text protocol.  
> But who listens and how?  We know what people do when they get in.  So the 
> question remains, how do they listen?  They got a router out there 
> compromised?  What are we talking about here?

How do they spy in on your packets?  Well, if the data ever leaves your
building, there are a million ways.   The Internet isn't like a
telephone exchange - your data doesn't go directly from your machine
to the destination - it passes through any number of intermediate
computers and the dynamic nature of the routing algorithms mean that
it could go through untrustworthy computers along the way.

Computers that are infected with various malware are everywhere -
and some of that stuff spies in on packet data to see what is of
interest - and Telnet traffic has got to be really high up on the
bad guy's shopping list because it's a great way to hack into any
system that supports it.

> It's not a concern over anything in terms of difficulty.  After all, I can 
> ssh in and use the root account with much more ease.  But at the beginning, 
> when the 'secure' connection is being negotiated, there's enough evidence 
> both ways that, in theory, anyone who can be listening can also piece 
> together the bits associated with the sessions being monitored.  In fact, 
> one could go so far as to assume they are expecting to do as much since ssh 
> is more commonly used than telnet.  Now if ssh involved the use of a key 
> that was never transmitted during the negotiation part of the connection, I 
> could be down with it being "secure."  But so far, just as in the case of 
> https or even secure digital media, it's just in the name as being secure.

No - it's not like that.  Read up on RSA public key encryption.

But even if this was a teeny-tiny issue, it's nothing compared to doing
all of your communications in plaintext.

> Ultimately, telnet is about as secure as http.

Yes - but you don't send passwords via http - you use it to read web
pages that anyone else can also read.

> The protocols are rather 
> similar in nature.  The same goes for SMTP and quite a few other protocols 
> used on the net.  Telnet is rarely used as far as I can tell, so it may 
> even be [recklessly] easy to assume that since it's rare by comparison, 
> 'They' aren't even looking.  We don't hear people going on a tirade over
> non-secure SMTP nor HTTP and yet that's how a majority of traffic flows.

Security through obscurity?  No!!  That has been discredited a long time
ago!  It's very easy for some random idiot to stick in a packet sniffer
somewhere between you and your destination.

> I get that the protocol is largely deprecated by many.  (And yet routers 
> and many devices like switches still use that means.)  All I ask for is 
> why..  How is it exploited in ways that other protocols cannot be 
> exploited?  Why is telnet singled out in this case?

Telnet is used for sessions where your first action is to send your
username and password - then you get shell access to the machine.  If
the bad guy finds out your username and password and gets shell access
then the entire destination machine is owned by him - he can literally
make it do anything and cover his tracks perfectly.

That doesn't happen with any other protocol that I can think of.  Even
if you were stupid enough to enter your password into an HTTP (as
opposed to HTTPS) form, it would only give access to one specific
feature of one specific account.  It doesn't open the gates of full
blown shell access.

Truly, telnet is the most dangerous 'protocol' left on the Internet.
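As an added illustration of the point in dispute above (this is not code from the post or from anyone on the list): a toy Diffie-Hellman exchange in Python, the kind of key agreement SSH performs before any password is sent. Both ends derive the same session key, yet everything a listener on the path could capture contains neither party's secret. The modulus, generator and function names are my own choices for the demo, not values from any real SSH group.

```python
import hashlib
import secrets

# Toy parameters so the numbers stay readable.  Assumption for this demo only:
# real SSH uses 2048-bit-or-larger groups (the RFC 3526 MODP groups) or
# elliptic curves, never a modulus this small.
P = 2**127 - 1   # a Mersenne prime; tiny compared with real key-exchange groups
G = 5            # generator picked for the demo, not a standard group value


def keypair(p=P, g=G):
    """One party's private exponent and the public value it sends on the wire."""
    priv = secrets.randbelow(p - 3) + 2          # private: 2 .. p-2, never sent
    return priv, pow(g, priv, p)                 # public: safe to transmit


def session_key(my_priv, their_pub, p=P):
    """Derive the session key from our private exponent and the peer's public value."""
    shared_secret = pow(their_pub, my_priv, p)   # identical on both ends
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).hexdigest()


def negotiate(p=P, g=G):
    """Run a client/server exchange and return what each side holds plus what a
    passive listener on the path saw.  The listener captures every value that
    was exchanged, but the private exponents and the derived key were never
    transmitted, so the transcript cannot contain them."""
    client_priv, client_pub = keypair(p, g)
    server_priv, server_pub = keypair(p, g)
    wire = [p, g, client_pub, server_pub]        # everything an eavesdropper sees
    return {
        "client_key": session_key(client_priv, server_pub, p),
        "server_key": session_key(server_priv, client_pub, p),
        "client_priv": client_priv,
        "server_priv": server_priv,
        "wire": wire,
    }


def listener_can_read_key(result):
    """True only if the captured transcript literally contains a private value.
    Short of solving the discrete-log problem in the group, it never does.
    What an active attacker would need instead is to substitute his own public
    values mid-exchange, which SSH blocks by having the server sign the
    exchange with its host key (the RSA/DSA key whose fingerprint the client
    is asked to verify on first connection)."""
    wire = set(result["wire"])
    return result["client_priv"] in wire or result["server_priv"] in wire
```

Compare this with a telnet login, where the username and password themselves are the bytes on the wire and no derivation step stands between the listener and the credential.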
