Great Circle Associates Firewalls
(February 1993) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: rlogin vs telnet
From: smb @ research . att . com
Date: Thu, 25 Feb 93 16:54:24 EST
To: Rahul Dhesi <dhesi @ rahul . net>
Cc: firewalls @ GreatCircle . COM 
	 The discussion about rlogin insecurity was a surprise to me.

	 If my telnet and rlogin servers both allow password-less logins only
	 from trusted hosts, why should I allow telnet and disallow rlogin?

	 The interesting point that seemed to be raised was that if you allow
	 rlogin you may also be allowing access to arbitrary other ports.  What
	 if I am already allowing such access and don't mind doing so?

There are two issues.  First, rlogin uses a very weak form of authentication;
it's sometimes possible to spoof it.  Second, the *source* port for rlogin
is a random ``privileged'' port, and you probably don't want to allow
unrestricted access in that range.
Follow-Ups:
Indexed By Date Previous: rlogin vs telnet
From: Rahul Dhesi <dhesi @ rahul . net>
Next: Re: NNTP on firewalls (was Re: wais ...)
From: rens @ lorax . shearson . com (Rens Troost)
Indexed By Thread Previous: Re: rlogin vs telnet
From: doug @ seas . smu . edu (Doug Davis)
Next: Re: rlogin vs telnet
From: chk @ alias . com (C. Harald Koch)
Google
 
Search Internet Search www.greatcircle.com