[linux-elitists] telnet weenie frenzy!

Bulent Murtezaoglu bm@acm.org
Tue Feb 27 11:33:17 PST 2001


[I'm deleting the stuff I agree with and/or concede, let's turn it
into a different and more worthwhile thread if you agree]

    BM> Yes, I do.  But if you assume people will break into
    BM> intermediate routers and sniff your packets, it does not seem
    BM> that outlandish to suppose they can do other stuff also.

    RM> But, you see, that's a vague hand-wave at a more-complex
    RM> issue.  

I don't see how it's more hand-wavy than what you say below.  That said,
here's the assumption we are (I am) operating under:  

We have an adversary who can sniff our packets on the internet (not
ethernet).  This is necessary for telnet to be dangerous.

If we can assume the above, I am asserting it is not incredibly harder
for the same adversary to modify intermediate routers' behaviour even 
further.  

    RM> You perhaps have not considered in detail what
    RM> measures are in place to prevent, detect, and recover from
    RM> compromises of the distribution channels for
    RM> security-sensitive software.  I have.

No, I have not.  I am basing all this on the behaviour I am seeing on
my boxes: they resolve non-us.debian.org, they get a list of available
packages from there, they fetch (in the clear using http or ftp) the
packages I want and/or updates for the ones I already use, and they
install them.  I do not see any attempt at authenticating the other
end, I do see some checksum checking but that's done against checksums
acquired through the same source.  I admit that I do not know about
the measures you allude to.  This is partly because I always assumed
that something as simple as a transparent http proxy that replaces
packages (*) would be enough to compromise the distribution and I could
not see any measures in addition to the existing framework that would
work against that.  I suspect the measures you mention involve making
sure distributions cannot be compromised for _everyone_, which is a
different problem.

Having already badmouthed the measures w/o knowing what they are, 
could I now impose on you to point me to some write-up about them?

[...]
    RM> I make no comment here on ease of entry to routers, other than
    RM> that it isn't particularly relevant to SSH usage.  

Absolutely right.  I took compromised routers as a given since we were
assuming telnet was vulnerable.  I then argued that if you take that
as a given and extrapolate it within reason, you cannot even assume
getting ssh through the net is OK.  Devil's advocacy, "chicken little"
or whatever aside, if you really need protection against compromises in
the routers in your path, you also ought to be thinking about all the 
traffic that passes through those.  "Quit using telnet" is only part
of the solution -- given a dedicated and knowledgeable adversary with
roughly the same access, the telnet risk pales in comparison to, say, 
apt-get.  Agreed?  

    RM> But I will
    RM> say that your conclusion simply does not follow. [...]

My conclusion is a trivial one which IMHO does follow if you allow all
the assumptions I am making.  I suspect what does not follow is what
you thought I was concluding!  What is that?  Or did I move the goal
posts on you?

cheers,

BM

(*) or a compromised DNS server, or mucking with DNS/UDP etc.
You get the idea.
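The point in the message about checksums "acquired through the same source" is easy to demonstrate. The following is an added example, not code from the post or from Debian's tooling: a toy mirror, a toy transparent proxy of the kind the footnote mentions, and two client-side checks. All artefacts (the package bytes, the index format, the substitute content) are constructed for the example. The in-band check only confirms that package and index agree with each other, so a channel that rewrites both consistently passes it; a digest of the index recorded out of band (standing in for the signed Release file and pre-installed key that a real archive would use) catches the rewrite.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample artefact: a tiny "package" served by the mirror.
GENUINE_PKG = b"#!/bin/sh\necho hello from the genuine package\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_index(pkg: bytes) -> bytes:
    # Constructed Packages-style listing: name, size and digest of the package.
    return f"Package: hello\nSize: {len(pkg)}\nSHA256: {sha256_hex(pkg)}\n".encode()


def parse_index(index: bytes) -> dict:
    return dict(line.split(": ", 1) for line in index.decode().splitlines())


@dataclass
class Mirror:
    """Honest origin: serves the index and the package it describes."""
    pkg: bytes

    def fetch(self, name: str) -> bytes:
        return {"Packages": build_index(self.pkg), "hello.deb": self.pkg}[name]


@dataclass
class TamperingProxy:
    """Models the footnote's transparent proxy: it substitutes the package and
    regenerates the index so the two stay mutually consistent (constructed)."""
    upstream: Mirror
    replacement: bytes

    def fetch(self, name: str) -> bytes:
        if name == "hello.deb":
            return self.replacement
        if name == "Packages":
            return build_index(self.replacement)
        return self.upstream.fetch(name)


def verify_in_band(channel) -> bool:
    """The check described in the mail: compare the package against a
    checksum fetched over the same channel. This is a consistency check
    between two things the channel controls, not an integrity check."""
    listed = parse_index(channel.fetch("Packages"))
    return sha256_hex(channel.fetch("hello.deb")) == listed["SHA256"]


def verify_with_pinned_index_hash(channel, pinned_index_sha256: str) -> bool:
    """Trust anchor obtained out of band: the expected digest of the index.
    (Stands in for a signed Release file verified with a key that shipped
    with the install media rather than with the fetch itself.)"""
    index_bytes = channel.fetch("Packages")
    if sha256_hex(index_bytes) != pinned_index_sha256:
        return False  # index was rewritten in transit; stop before touching the package
    listed = parse_index(index_bytes)
    return sha256_hex(channel.fetch("hello.deb")) == listed["SHA256"]


def run_scenario() -> dict:
    honest = Mirror(GENUINE_PKG)
    # Recorded out of band, before any fetch over the untrusted path.
    pinned = sha256_hex(build_index(GENUINE_PKG))
    tampered = TamperingProxy(honest, b"#!/bin/sh\necho constructed substitute\n")
    return {
        "honest_in_band": verify_in_band(honest),
        "tampered_in_band": verify_in_band(tampered),
        "honest_pinned": verify_with_pinned_index_hash(honest, pinned),
        "tampered_pinned": verify_with_pinned_index_hash(tampered, pinned),
    }


if __name__ == "__main__":
    for check, ok in run_scenario().items():
        print(f"{check:18s} {'accepted' if ok else 'REJECTED'}")
```

Running it shows the tampered fetch accepted by the in-band check and rejected only by the pinned one; the defensive lesson is that the verification material has to come from somewhere the adversary on the path cannot also rewrite.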
