On 11/27/2013 12:13 PM, Brian Schenkenberger, VAXman- wrote: The Telnet protocol itself makes no promises about the presence OR absence of encryption, and it has a very flexible do/don't/will/won't option negotiation protocol. Kerberos-enabled telnet, in particular, allows for automatic authentication and/or stream encryption, with either enabled or disabled on an invocation-by-invocation basis. Kerberos-enabled telnet doesn't work unless the target is setup to and willing to provide for it. I have no knowledge of how Sampsa has his configured but from the initial discussion, I'd doubt that Kerberos is involved. As do I. I was merely nit-picking that "telnet" does not exclusively mean "cleartext". Given that it was an open and outward-facing service, I'd certainly HOPE it was Kerberized telnet! ;) -Dave -- Dave McGuire, AK4HZ New Kensington, PA