closing port 23
11-13-2002 10:07 PM - edited 03-02-2019 02:52 AM
I want to totally close port 23 on the serial of my router... vulnerability test shows it is open though I have already denied it in my access list...
Thanks a lot
11-14-2002 06:16 AM
An access list applied to the serial interface of the router will block telnet traffic coming through the router, but not an attempt to telnet TO the IP of the serial interface. To prevent this traffic, you need to apply an access list to the vty interfaces of your router with the access-group command.
A doc regarding the telnet vulnerabilities and other options for removing telnet access to your router can be found at http://www.cisco.com/en/US/products/hw/routers/ps274/products_security_advisory09186a00800b1699.shtml.
Bob
11-14-2002 09:53 AM
Actually having a line like:
"access-list 100 deny tcp any any eq telnet"
in your incoming ACL applied to your serial will close port 23 to your serial and your network from the outside.
11-14-2002 01:47 PM
Another way of completing this is by using "transport input none" under the vty 0 4 interface.
That will close telnet completely without using access lists!!!
Travers
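An added example, not part of the original thread: a small audit script that reads a running-config and reports vty stanzas that can still answer telnet even though the serial interface ACL denies it. The sample config, the function names and the finding texts are constructed for illustration; the check assumes IOS attaches an ACL to vty lines with `access-class <acl> in` and that a missing `transport input` line means the release default applies.

```python
# Constructed sample running-config (not from the thread): telnet is denied in
# the serial interface ACL, but the first vty range is left at its defaults.
SAMPLE_CONFIG = """\
interface Serial0
 ip access-group 100 in
!
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
!
line vty 0 4
 password example
 login
line vty 5 15
 access-class 10 in
 transport input ssh
!
"""

def vty_stanzas(config):
    """Yield (header, [sub-commands]) for each 'line vty' stanza."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header:
            body.append(raw.strip())
            continue
        if header:
            yield header, body
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header:
        yield header, body

def audit_vty(config):
    """Return {stanza: [findings]} for vty lines that may still accept telnet."""
    report = {}
    for header, body in vty_stanzas(config):
        transport = next((c.split()[2:] for c in body if c.startswith("transport input ")), None)
        if transport == ["none"]:
            continue  # line accepts no inbound protocol, nothing to restrict
        findings = []
        if transport is None:
            findings.append("no 'transport input' line: telnet may be accepted by default")
        elif "telnet" in transport or "all" in transport:
            findings.append("transport input permits telnet")
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in body):
            findings.append("no inbound access-class on this line")
        if findings:
            report[header] = findings
    return report
```

Running `audit_vty(SAMPLE_CONFIG)` flags only `line vty 0 4`, which shows why a scanner can still see port 23 open on a router whose interface ACL denies telnet.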
