Mailing List Archive


Re: Localhost connection refused



I have to take serious issue with this.

Scott (scottro@example.com) wrote:

> on 15:39 2001/07/08 +0900, Glenn Evanish wrote
>

> I'm going to modestly recommend mine  :)

Modesty is certainly called for.  Telling people
that telnet is not a security problem is a real disservice and
quite inaccurate.  Telling people how to enable telnet is also
a disservice.

You state:

-----
A quick interjection on ssh here--many people say, telnet is insecure, use ssh instead.  Although ssh encrypts user names and passwords, those who know a lot about these things tell me that it doesn't offer a great deal more security than telnet. So, if you have ssh running, don't sit back and be sure that you're secure.
----

Would you like to explain to us all how sending an encrypted session is not
worlds more secure than sending a complete clear-text session, password
and userid included?

To state that ssh doesn't offer a great deal more security than telnet
is just plain false.  Putting up a page that states that is 
irresponsible, at best.

SSH is *much* more secure than telnet.  If you think you can 
explain how an encrypted session is not far more secure than
a cleartext session, please go ahead.  Perhaps you're in the
habit of sending your credit card numbers to a non-SSL site?

POPping to the same box, or any box where you have the same
userid and password.  If the network is end-to-end switched, this
is less of a concern (since the attacker would have to compromise
the destination box or a router in the destination network); if it's
not switched, any box on the target LAN will do.

However, the fact that POP is both insecure and widespread is
NOT an argument to reduce security even further by using telnet.

SSH also doesn't protect you from a luser being stupid and
using an easily brute-forced password, but if a proper password
is used, anyone who intercepts an ssh session is going to spend
a *long* time trying to decrypt it.  Since most crackers have
neither a Cray nor a Beowulf cluster in the garage, SSH makes you
pretty safe.

A properly secure installer for <insert OS of your choice here>
would not even include telnet.  It would force you to do it
manually after the fact if you really wanted it.

I hope you'll remove that page entirely.  It's a disservice to
*nix beginners.  If you don't, at least please make it accurate
WRT the relative security of telnet and ssh, and include a warning
that the reader should *not* enable telnet, but if s/he is bound
and determined to do it against all better judgement, here's how.

Regards,

Jonathan
-- 
There is Bag of Modul in the router

