Block Telnet

Waheed Bahaduri · ‎06-19-2013

Hello Experts,

I want to create a custom-signature to block all TELNET traffic going across my IOS IPS. I tried alot but it didnt work for me. i created a sig with String-Tcp engine > added regex and telnet port=23 but it does not work.

can any one help me, plz ?

Seeker123_2 · ‎06-20-2013

Hope that this suites you.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#denytelnettraffic

Post something if you have some doubts.

Source: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#intro

Best Regards

Hugo Rodrigues

Best Regards Hugo Rodrigues

Imran Ahmad · ‎06-20-2013

What you have posted is blocking telnet through normal router ios . but my question was how to block telnet through IOS IPS.

mark.barrett · ‎06-20-2013

Try using Atomic IP engine, for any packet using TCP/23 drop the packet.

There's also some signatures which detect Telnet over non-standard ports which you might consider turning on.

Imran Ahmad · ‎06-22-2013

I used Atomic ip engine aswell, but that is also not working. i tried droping all packets for TCP/23 but it is not blocking telnet traffic. but on other hand if i try blocking the whole ip then telnet will be blocked. but if i try blocking only port tcp/23 it does not get any effect

any help, this is a ccie lab question and i have to work it out asap