01-18-2018 07:17 PM - edited 02-21-2020 07:10 AM
Hello, there may be some problems with controlling Telnet access through an ACL.
1. TIMEWAIT (are these TCP connections attack connections)?
wan-4M#sh tcp brie
TCB Local Address Foreign Address (state)
625E3370 124.65.231.142.23 201-92-164-106.d.49919 TIMEWAIT
631CDB84 124.65.231.142.23 201-92-164-106.d.49942 TIMEWAIT
625E382C 124.65.231.142.23 201-92-164-106.d.49936 TIMEWAIT
631B72FC 124.65.231.142.23 201-92-164-106.d.49927 TIMEWAIT
62F71E60 124.65.231.142.23 201-92-164-106.d.49949 TIMEWAIT
62F7F558 124.65.231.142.23 201-92-164-106.d.49969 TIMEWAIT
631BE7E8 124.65.231.142.23 201-92-164-106.d.49976 TIMEWAIT
625E474C 124.65.231.142.23 201-92-164-106.d.49980 TIMEWAIT
625E6B1C 124.65.231.142.23 201-92-164-106.d.49962 TIMEWAIT
631D13E8 125.35.20.129.23 218.247.232.86.7728 ESTAB
631B77B8 124.65.231.142.23 201-92-164-106.d.49954 TIMEWAIT
631B7C74 124.65.231.142.23 201-92-164-106.d.49967 TIMEWAIT
625E21C0 124.65.231.142.23 201-92-164-106.d.49987 ESTAB
2. What's this address?
wan-4M#who
Line User Host(s) Idle Location
* vty 194 idle 00:00:00 218.247.232.86 (the real address)
vty 196 idle 00:00:00 37.148.71.90 (What's this address)
vty 197 idle 00:00:00 179-111-131-117.dsl.telesp.net.br (What's this address)
vty 198 idle 00:00:00 201-92-164-106.dsl.telesp.net.br (What's this address)
interface FastEthernet0/0
ip address 124.65.231.142 255.255.255.252
ip accounting output-packets
description outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 125.35.20.129 255.255.255.192
ip accounting output-packets
description inside
duplex auto
line vty 0 0
exec-timeout 0 0
login
transport input telnet
I want to limit Telnet users.
For example, only 218.247.232.0/27 should be able to telnet to 125.35.20.129.
What can I do?
Please see the detailed config in the attached file.
01-18-2018 08:29 PM
People are trying to log into your router remotely. I would do this:
access-list 2 remark Where management can be done from.
access-list 2 permit 218.247.232.0 0.0.0.31
line vty 0 4
access-class 2 in
transport input telnet ssh
transport output telnet ssh
exec-timeout 5
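As an added check (my code, not from the thread or any poster), the script below derives the IOS wildcard mask used in the permit line from the 218.247.232.0/27 prefix the poster named, then runs lines copied from the poster's own `show tcp brief` output through that ACL to show which sessions the `access-class` would have refused. Note what it turns up: the admin's "real address" 218.247.232.86 also falls outside 218.247.232.0/27, so the permit must cover the source address actually in use before the access-class is applied, or the legitimate session is locked out too. The function names are mine.

```python
import ipaddress

# Management range the poster wants to allow (from the thread).
MGMT_PREFIX = "218.247.232.0/27"

# Three lines copied from the "show tcp brief" output in the thread. IOS prints
# each peer as "<host>.<port>", and reverse DNS has replaced some IPs with names.
SHOW_TCP_BRIEF = """\
TCB Local Address Foreign Address (state)
625E3370 124.65.231.142.23 201-92-164-106.d.49919 TIMEWAIT
631D13E8 125.35.20.129.23 218.247.232.86.7728 ESTAB
625E21C0 124.65.231.142.23 201-92-164-106.d.49987 ESTAB
"""


def wildcard_mask(prefix):
    """IOS wildcard (inverse) mask for a CIDR prefix: 218.247.232.0/27 -> 0.0.0.31."""
    return str(ipaddress.ip_network(prefix, strict=False).hostmask)


def acl_permits(host, prefix):
    """True if 'access-list N permit <net> <wildcard>' for this prefix matches host.
    A reverse-DNS name cannot be matched by address, so it is treated as denied."""
    try:
        return ipaddress.ip_address(host) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False


def audit_tcp_brief(output, prefix, local_port=23):
    """List every session to local_port whose peer the vty access-class would refuse."""
    findings = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # column header or a wrapped line
        _tcb, local, foreign, state = parts
        _lhost, _, lport = local.rpartition(".")
        fhost, _, fport = foreign.rpartition(".")
        if int(lport) != local_port:
            continue
        if not acl_permits(fhost, prefix):
            findings.append({"peer": fhost, "peer_port": int(fport), "state": state})
    return findings


if __name__ == "__main__":
    net = MGMT_PREFIX.split("/")[0]
    print(f"access-list 2 permit {net} {wildcard_mask(MGMT_PREFIX)}")
    for f in audit_tcp_brief(SHOW_TCP_BRIEF, MGMT_PREFIX):
        print("would be refused by access-class 2:", f)
```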
01-19-2018 01:27 AM
Thank you for your help.
I have some questions: what does "remark Where management can be done from." mean?
Where can I search logs about "remark Where management can be done from."?
Thanks again.
01-19-2018 02:02 AM
Philip was too kind - turn off telnet COMPLETELY! It is insecure and has no place on an Internet-facing device.
The remark line is a note for yourself. There is no log about it.
You should have some basic understanding of your network - that is, what addresses are allowed to log into your router. All others are forbidden. The access-list, when applied to the vty lines using the access-class command, does that.
01-21-2018 11:04 PM
Thank you, Marvin.