Need a sniffer/password capture to prove telnet is bad

[Glen Staufer]

On Tue, 23 Nov 2004 14:36:23 -0500, Edward Croft <ecroft at openratings.com> wrote:
> I have a user I am trying to convince to quit using telnet. I have told
> him that his password can be sniffed and that would expose his system.
> He laughs and tells me that no one can get his password. So he threw
> down the gauntlet for me to get his password.

Why do you have to go about it this way in order to get him to stop
using telnet?

Well, first, I guess I should ask whether he is using telnet solely to
login to his home system from work or whether he is also using telnet
to login to systems on the company network?

If he is using telnet for his own purposes, then go to google, search
out an article talking about plain text passwords, unecrypted traffic
and network sniffers, etc.  Send him the link as a 'friend' and be
done with it.

If he is using telnet to connect to work systems, why do you have
telnet enabled?  Is this the person who makes that decision?  If not,
why bother with him?  If he is connecting to his home system and
transmitting work data on that connection, does company policy allow
that?

If this person has no say in company policy with regard to these
matters, then you are wasting your time trying to convince him if your
purpose is to establish a policy prohibiting the transmission of
company data over insecure channels.

Another thing.  If you don't have absolute trust in this person, don't
get suckered in to sniffing his network traffic - as I think someone
else responding has also pointed out.

Glenn Stauffer