-
December 21st, 2004, 11:34 PM
#1
Microsoft's Telenet
Can Microsoft's Telnet become a security threat to Windows XP users? Is there a way to firewall it so that in can not be used as an exploit?
-
December 21st, 2004, 11:50 PM
#2
Re: Microsoft's Telenet
Originally posted here by Tetrismaster101
Can Microsoft's Telnet become a security threat to Windows XP users?
Telnet is a security threat in general. Anything plain text should never accept a password.
Is there a way to firewall it so that in can not be used as an exploit?
.... Are you talking about using it or...?
I would worry about using it for anything other than something which requires Telnet and telnet only. Which I doubt anything does anymore unless yuo have some shitty legacy application with no SSH support.
As for exploits, it is an application and ALL applications can be hacked / cracked one way or another because it's code, and anything written and compiled has an error somewhere.
Windows XP, the firewall it comes with is crap and there was recently another security flaw found in it which took half a year to fix, I wouldn't recommend it at all.
You really should be a bit more descriptive. I interpreted your question 9 ways, and I'm not going into each way.
-
December 21st, 2004, 11:55 PM
#3
yes telnet is a security risk. You can block the port telnet uses(23?) with any decent firewall, and not use it. You could use something like SSH or Putty to do your telnet stuff.
-
December 22nd, 2004, 12:11 AM
#4
Banned
The only remaining need for telnet is in older network hardware, routers and ****.
Instead of using your browser, you had to telnet to the router.
Oh yeah... Wargames too.
Telnet is not a security hole. The telnet server is.
-
December 22nd, 2004, 12:43 AM
#5
So pretty much the same thing I said worded differently?
-
December 22nd, 2004, 12:50 AM
#6
Senior Member
You can actualy switch off Telnet Service on Windows. Go to
"Control Panel - Administrative Tools - Services"
Find "Telnet Service" in there,
Rightclick on it and in the "Propeties - Startup Type"
change the field to "Manual" or "Disabled"
Hope it helps you
Telnet is a part of TCP/IP protocols and can become a threat to you. People can use it to Log on to your PC from the distance and actualy overtake it. They can also use Telnet option to conect to other ports of your PC except port 23. If I'm not mistaken, Telneting to port 15 will give an attacker the infor about your PC, e.g. which operating system are you runing and some of the services. I think that most of the firewalls heve these two ports blocked as default same as most of the others.
Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying
-
December 22nd, 2004, 09:40 PM
#7
We really need more information from the requestor to properly understand the question. If he is talking about the telnet client in XP, than yes, it has a major flaw that had a patch released just last week.
There really is no longer a telnet client in XP, it is integrated into hyperterminal, which has this flaw-
http://www.microsoft.com/technet/sec.../ms04-043.mspx
-
December 22nd, 2004, 09:47 PM
#8
Originally posted here by nightcat
You can actualy switch off Telnet Service on Windows. Go to
"Control Panel - Administrative Tools - Services"
Find "Telnet Service" in there,
Rightclick on it and in the "Propeties - Startup Type"
change the field to "Manual" or "Disabled"
Hope it helps you
Telnet is a part of TCP/IP protocols and can become a threat to you. People can use it to Log on to your PC from the distance and actualy overtake it. They can also use Telnet option to conect to other ports of your PC except port 23. If I'm not mistaken, Telneting to port 15 will give an attacker the infor about your PC, e.g. which operating system are you runing and some of the services. I think that most of the firewalls heve these two ports blocked as default same as most of the others.
Good tip. I wonder what reason a typical user would have for enabling this service? I keep it disabled on all my boxes.
Happy Holidays, -ah f#$^% it -enough of the policaly correct BS - Merry Christmas,
-D
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
-
December 23rd, 2004, 12:36 AM
#9
MS telnet is configured to use NTLM authentication by default not plain text so you must be authenticated on the network before you can use it. but the option is in the server config. to allow plain test. if your behind a firewall in a trusted environment there is no problem with using telnet. with NTLM only those users that have permissions to logon to a computer running a telnet server can do so.
if you have no use for it... turn it off. just like any other service.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
December 23rd, 2004, 01:02 AM
#10
Explain to me what "NTLM" is? I usually don't just go into my box and just turn everthing off that i don't need, cuz if i did that i wouldn't have a box anymore, knowing me i would end up shutting something off that wasn't suppose to be turned off.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|