Solved: how can i setting Access telnet through ACL control.

supermanwwc · ‎01-18-2018

Hello,there may be some problems with Access telnet through ACL control.

1.TIMEWAIT (Are these TCP connections an attack connection ) ？

wan-4M#sh tcp brie
TCB Local Address Foreign Address (state)
625E3370 124.65.231.142.23 201-92-164-106.d.49919 TIMEWAIT
631CDB84 124.65.231.142.23 201-92-164-106.d.49942 TIMEWAIT
625E382C 124.65.231.142.23 201-92-164-106.d.49936 TIMEWAIT
631B72FC 124.65.231.142.23 201-92-164-106.d.49927 TIMEWAIT
62F71E60 124.65.231.142.23 201-92-164-106.d.49949 TIMEWAIT
62F7F558 124.65.231.142.23 201-92-164-106.d.49969 TIMEWAIT
631BE7E8 124.65.231.142.23 201-92-164-106.d.49976 TIMEWAIT
625E474C 124.65.231.142.23 201-92-164-106.d.49980 TIMEWAIT
625E6B1C 124.65.231.142.23 201-92-164-106.d.49962 TIMEWAIT
631D13E8 125.35.20.129.23 218.247.232.86.7728 ESTAB
631B77B8 124.65.231.142.23 201-92-164-106.d.49954 TIMEWAIT
631B7C74 124.65.231.142.23 201-92-164-106.d.49967 TIMEWAIT
625E21C0 124.65.231.142.23 201-92-164-106.d.49987 ESTAB

2.What's this address?

vty 196 idle 00:00:00 37.148.71.90 （What's this address）

vty 197 idle 00:00:00 179-111-131-117.dsl.telesp.net.br （What's this address）

wan-4M#who
Line User Host(s) Idle Location
* vty 194 idle 00:00:00 218.247.232.86 (the real address）
vty 196 idle 00:00:00 37.148.71.90 （What's this address）
vty 197 idle 00:00:00
179-111-131-117.dsl.telesp.net.br （What's this address）
vty 198 idle 00:00:00
201-92-164-106.dsl.telesp.net.br （What's this address）

interface FastEthernet0/0
ip address 124.65.231.142 255.255.255.252
ip accounting output-packets
description outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 125.35.20.129 255.255.255.192
ip accounting output-packets
description inside
duplex auto

line vty 0 0

exec-tomeout 0 0

login

transport input telnet

I want to limit telnet user.

For example，only ip add 218.247.232.0/27 enable to telnet 125.35.20.129.

what can i do ?

Please get the detailed config in the attached file.

Philip D'Ath · ‎01-18-2018

People are trying to log into your router remotely. I would do this:

access-list 2 remark Where management can be done from.
access-list 2 permit 218.247.232.0 0.0.0.31

line vty 0 4
access-class 2 in
transport input telnet ssh
transport output telnet ssh

exec-timeout 5

View solution in original post

Philip D'Ath · ‎01-18-2018

People are trying to log into your router remotely. I would do this:

access-list 2 remark Where management can be done from.
access-list 2 permit 218.247.232.0 0.0.0.31

line vty 0 4
access-class 2 in
transport input telnet ssh
transport output telnet ssh

exec-timeout 5

supermanwwc · ‎01-19-2018

thank you for you help.

There are some questions ，what does mean "remark Where management can be done from."

where can i search logs about "remark Where management can be done from.".

thanks again.

Marvin Rhoads · ‎01-19-2018

Philip was too kind - turn off telnet COMPLETELY! It is insecure and has no place on an Internet-facing device.

The remark line is a note for yourself. There is no log about it.

You should have some basic understanding of your network - that is, what addresses are allowed to log into your router. All others are forbidden. The access-list, when applied to the vty lines using the access-class command, does that.

supermanwwc · ‎01-21-2018

thank you Marvin