[Hudlug] Fwd: Re: [newbie] MLdonkey
Chris Wood
hudlug at mailman.lug.org.uk
Fri Nov 1 12:07:00 2002
On Thursday 31 October 2002 22:42 pm, you wrote:
> You are only connecting to the localhost though. So limited
> opportunities for password nicking. (does it even use passwords?).
>
They are still laying themselves open to script kiddies to brute force the
root account password. Unlikely, yes, but if someone tries brute forcing
hard enough, they could cause a DoS agaibst the telnet daemon, and hence
noone else would be able to log in.
> If you feel like that, then you shouldn't be using email, because that
> is all sent over plain text sockets, and you can use telnet to do that
> as well :)
Hmmmm..... This is more than a little different. Telnetting to port 25
doesn't get you a shell account on a machine.
Of course someone could sniff your plain text SMTP password, and then send
mail as you, but unless you are someone important, most hackers would be far
more interested in getting a shell on your machine. They can cause far more
havoc that way.
Badly set up SMTP servers are of course yet another issue altogether. We'd
all get less spam if people made sure their mail servers were not set up as
open relays...
C.