http://www.perlmonks.org?node_id=26431


in reply to (atl: Legitimate uses) RE: Echo off in IO::Sockets
in thread Echo off in IO::Sockets

There are certainly legitimate uses for a telnet client, server, or wrapper. However, that's not what this person asked for. They want a "fake telnet client" that will take the username and password, then give a false error message and log the username and password.

I have yet to hear of a single legitimate use for such a program. I can think of only one purpose: to log usernames and passwords without user knowledge. A legitimate administrator has no need for such tools; in *nix, this information can be logged, while in Windows, the administrator can determine the user passwords with ease.

So, then - under what circumstances does this become a legitimate use?

- email Ozymandias

RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets
by atl (Pilgrim) on Aug 07, 2000 at 00:49 UTC
    A legitimate use is hard to find here, I admit. The only one I can think of is to actually write this fake client so you can demonstrate to people that they have a problem. But that sounds a bit far-fetched, even to me.

    By now, I thought our friend GoRN would have found time to post a reasonable explanation himself, which he/she didn't, so I am more willing to follow your interpretation of his/her intents. What makes me wonder is, should the intent really be to create a password stealing telnet, why not cloak this request with something harmless like "I want to write a new MUD client ..." or something like that? Would have gone through easily ...

    Well, you never know. Let's hope the admins close the security hole in the first place, 'cause our young friend is certainly not alone out there.

    Andreas

RE: RE: (atl: Legitimate uses) RE: Echo off in IO::Sockets
by isotope (Deacon) on Aug 15, 2000 at 04:20 UTC
    This is probably a stretch, but it could be used as a honeypot that not only keeps a script kiddie busy, but also gives the administrator some idea of what kind of attack is being attempted (raw brute force, dictionary attack, etc). That being said, I also feel uneasy about the original question. Just my thoughts...
      I thought about that, but if it were to be used as a honeypot security system, it would be reasonable to log the hostname and username - not the password.

      - email Ozymandias
        Like I said, logging the password would give the sysadmin a better idea of what kind of attack is underway -- are the passwords just incremental alphanumerics, or a dictionary list, or a list of usernames? Does it look like the work of a well-known rootkit? Things like that...
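
As an added illustration of the honeypot analysis described in the last reply (not code from this thread or its participants), the Python sketch below labels a honeypot's captured login attempts as incremental, dictionary, or username-list guessing. The word list, the sample attempts, the function names and the 0.6 threshold are all constructed assumptions.

```python
# Constructed word list for the demo; a real analysis would load a larger one.
WORDLIST = {"password", "letmein", "dragon", "qwerty", "monkey", "secret"}
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"

def successor(s):
    """Next string of the same length in base-36 counting order ('aaa9' -> 'aaaa')."""
    if not s or any(c not in ALPHABET for c in s):
        return None                      # not a plain lowercase alphanumeric
    chars = list(s)
    for i in reversed(range(len(chars))):
        idx = ALPHABET.index(chars[i])
        if idx < len(ALPHABET) - 1:
            chars[i] = ALPHABET[idx + 1]
            return "".join(chars)
        chars[i] = ALPHABET[0]           # carry into the next position
    return None                          # counter wrapped around

def classify(attempts, threshold=0.6):
    """attempts: (username, password) pairs in arrival order, from the honeypot log."""
    if len(attempts) < 2:
        return "insufficient data"
    pwds = [p for _, p in attempts]
    names = {u.lower() for u, _ in attempts}
    n = len(pwds)
    scores = {
        # share of consecutive guesses that are exactly one counting step apart
        "incremental": sum(successor(a) == b for a, b in zip(pwds, pwds[1:])) / (n - 1),
        # share of guesses found in the word list
        "dictionary": sum(p.lower() in WORDLIST for p in pwds) / n,
        # share of guesses that are themselves usernames seen in the log
        "username list": sum(p.lower() in names for p in pwds) / n,
    }
    label = max(scores, key=scores.get)
    return label if scores[label] >= threshold else "unclassified"

# Constructed sample sessions, one per pattern named in the thread.
INCREMENTAL = [("root", p) for p in ("aaa7", "aaa8", "aaa9", "aaaa", "aaab")]
DICTIONARY = [("root", "password"), ("admin", "letmein"), ("root", "dragon"), ("root", "qwerty")]
USERNAMES = [(u, u) for u in ("root", "admin", "guest", "oracle")]
MIXED = [("root", "x9!Kq"), ("root", "password"), ("bob", "T7#mm")]

if __name__ == "__main__":
    for name, log in [("incremental", INCREMENTAL), ("dictionary", DICTIONARY),
                      ("usernames", USERNAMES), ("mixed", MIXED)]:
        print(name, "->", classify(log))
```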