[69386] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: IOS 12.3(x) Strange service ports open on router

daemon@ATHENA.MIT.EDU (Pekka Savola)
Fri Apr 9 16:28:04 2004

Date: Fri, 9 Apr 2004 23:27:17 +0300 (EEST)
From: Pekka Savola <pekkas@netcore.fi>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: Robert Blayzor <rblayzor@inoc.net>,
	Petri Helenius <pete@he.iki.fi>, <nanog@merit.edu>
In-Reply-To: <20040409195018.ADEE87B44@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Fri, 9 Apr 2004, Steven M. Bellovin wrote:
> In message <4076FBAB.6040709@inoc.net>, Robert Blayzor writes:
> >Petri Helenius wrote:
> >> Put "transport input none" to your tty lines.
> >
> >That was it.  Seems like the default value changed between versions. 
> >Thanks.
> 
> Wonderful -- a change to default behavior that opens up lots of ports.  
> This is exactly the wrong direction to go in.

No kidding.

Another pet peeve of roughly the same category: when you enable IPv6,
telnet is automatically open to the world (using v6), even if you have
disabled v4 telnet with an access-list.

The vendor refused to believe this is a problem, so I'm waiting for v6
deployment to get really started before writing bugtraq.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[69386] in North American Network Operators' Group

Re: IOS 12.3(x) Strange service ports open on router

daemon@ATHENA.MIT.EDU (Pekka Savola)Fri Apr 9 16:28:04 2004

daemon@ATHENA.MIT.EDU (Pekka Savola)
Fri Apr 9 16:28:04 2004