On Tue, 23 Nov 2004 14:36:23 -0500, Edward Croft <ecroft@xxxxxxxxxxxxxxx> wrote: > I have a user I am trying to convince to quit using telnet. I have told > him that his password can be sniffed and that would expose his system. > He laughs and tells me that no one can get his password. So he threw > down the gauntlet for me to get his password. Why do you have to go about it this way in order to get him to stop using telnet? Well, first, I guess I should ask whether he is using telnet solely to login to his home system from work or whether he is also using telnet to login to systems on the company network? If he is using telnet for his own purposes, then go to google, search out an article talking about plain text passwords, unecrypted traffic and network sniffers, etc. Send him the link as a 'friend' and be done with it. If he is using telnet to connect to work systems, why do you have telnet enabled? Is this the person who makes that decision? If not, why bother with him? If he is connecting to his home system and transmitting work data on that connection, does company policy allow that? If this person has no say in company policy with regard to these matters, then you are wasting your time trying to convince him if your purpose is to establish a policy prohibiting the transmission of company data over insecure channels. Another thing. If you don't have absolute trust in this person, don't get suckered in to sniffing his network traffic - as I think someone else responding has also pointed out. Glenn Stauffer
