Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets

by Ozymandias (Hermit)
on Aug 06, 2000 at 19:17 UTC ( #26431=note: print w/replies, xml ) Need Help??

in reply to (atl: Legitimate uses) RE: Echo off in IO::Sockets
in thread Echo off in IO::Sockets

There are certainly legitimate uses for a telnet client, server, or wrapper. However, that's not what this person asked for. They want a "fake telnet client" that will take the username and password, then give a false error message and log the username and password.

I have yet to hear of a single legitimate use for such a program. I can think of only one purpose; to log usernames and passwords without user knowledge. A legitimate administrator has no need for such tools; in *nix, this information can be logged, while in Windows, the administrator can determine the user passwords with ease.

So, then - under what circumstances does this become a legitimate use?

- email Ozymandias
  • Comment on RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets

Replies are listed 'Best First'.
RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets
by atl (Pilgrim) on Aug 07, 2000 at 00:49 UTC
    A legitimate use is hard to find here, I admit. The only one I can think of is to actually write this fake client so you can demonstrate the people they have a problem. But that sounds a bit far fetched, even to me.

    By now, I thought our friend GoRN would have found time to post a reasonable explanation himself, which he/she didn't, so I am more willing to follow your interpretation of his/her intents. What makes me wonder is, should the intent really be to create a password stealing telnet, why not cloak this request with something harmless like "I want to write a new MUD client ..." or something like that? Would have gone through easily ...

    Well, you never know. Letīs hope the admins close the security hole in the first place, 'cause our young friend is certainly not alone out there.


RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets
by isotope (Chaplain) on Aug 15, 2000 at 04:20 UTC
    This is probably a stretch, but it could be used as a honeypot that not only keeps a script kiddie busy, but also gives the administrator some idea of what kind of attack is being attempted (raw brute force, dictionary attack, etc). That being said, I also feel uneasy about the original question. Just my thoughts...
      I thought about that, but if it were to be used as a honeypot security system, it would be reasonable to log the hostname and username - not the password.

      - email Ozymandias
        Like I said, logging the password would give the sysadmin a better idea of what kind of attack is underway -- are the passwords just incremental alphanumerics, or a dictionary list, or a list of usernames? Does it look like the work of a well-known rootkit? Things like that...

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://26431]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (6)
As of 2020-03-28 18:31 GMT
Find Nodes?
    Voting Booth?
    To "Disagree to disagree" means to:

    Results (167 votes). Check out past polls.