Re: Telnet and FTP to Historic
Christian Huitema <huitema@huitema.net> Thu, 03 December 2020 19:02 UTC
Subject: Re: Telnet and FTP to Historic
To: Joe Touch <touch@strayalpha.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF Discussion Mailing List <ietf@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "John C. Klensin" <john-ietf@jck.com>, Carsten Bormann <cabo@tzi.org>
References: <51d208a3-4cae-b69a-6ecc-d15f48c66b44@huitema.net> <06E7EB62-D6C2-4827-A241-8E276860C2B7@strayalpha.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <6842e463-6fce-42e5-402c-acacabd9905b@huitema.net>
Date: Thu, 03 Dec 2020 10:54:11 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/1hWboP9AP42LJBAf8lbmbI18Lr4>

On 12/3/2020 7:11 AM, Joe Touch wrote:
> N
>
>> On Dec 2, 2020, at 11:50 PM, Christian Huitema <huitema@huitema.net> wrote:
>>
>>
>>> On 12/2/2020 11:22 PM, Joe Touch wrote:
>>>
>>>>> On Dec 2, 2020, at 10:47 PM, Christian Huitema <huitema@huitema.net> wrote:
>>>> Mark, you had me until "home network". Because most home networks are in fact *not* more secure than the open Internet
>>> Not that I like NATs, but they do afford protection beyond being on the open Internet simply by lacking incoming port mapping.
>> That's the firewall illusion. It is shattered if someone inside the wall falls for a phishing attack, or clicks on the wrong attachment, or downloads the wrong program. At which point all these unsafe programs that are used "only behind the firewall" become nice avenues for quickly spreading the attack much farther than the initial failure. See numerous examples of ransomware attacks against small businesses, schools, etc.
>>
>> -- Christian Huitema
> Sure, but you have to attack the machines behind a firewall some other way *first*.
>
> I didn’t say they were safe, just safe*er*.

I understand why you say that. Machines behind a NAT or a stateful firewall cannot be remotely probed for low level vulnerabilities, so you do get some reduction of the attack surface. My contention is that this reduction is far from being sufficient, because attackers have found many ways to project themselves through NATs or firewalls. If you allow for unsafe practices because the machines are behind a NAT or a firewall, these unsafe practices will result in catastrophic cascades of failures after a single breach happens.

-- Christian Huitema