
Could we change the port of telnet on a Cisco router from 23 to 9000?

Dr.X
Level 2

Hi,

I'm just asking for more security.

Can I change the default port for telnet from 23 to another port so as to prevent cracking tools and guessing programs?

Regards


John Blakley
VIP Alumni

There are 2 ways that you can do it. You can set up a rotary on the line, but this restricts you to 30xx or 70xx and doesn't allow 9000 as far as I know. The other way is to set up NAT for destinations to tcp/23:

ip nat inside source static tcp  23 interface 9000

The above would work whenever it sees port 9000 inbound to the public side interface (you'd want to obviously fix the direction that you'd need)

The other way is the rotary method. Say that you're okay with 7034 as a port. You'd create an acl and then apply it to the line:

access-list 123 permit tcp any any eq 7034

line vty 0 4
 access-class 123 in
 rotary 34

I would recommend disabling telnet if you can though. If not, use non-dictionary passwords, set login retries, set account lockouts, etc.

Also, moving a port from telnet won't hide from an attacker. Port scanners will still find it...

HTH,

John

** Please rate all useful posts **


Hi,

I think using an ACL will hurt my CPU,

so what about setting up a rotary?

I'm using Cisco 7600 and 7200.

Regards

You can set up a rotary. Whatever number you choose for your rotary will be appended to ports 3000 and 7000. So, you can use 34 for 3034 and 7034, 56 for 3056 and 7056, etc. Then you would create an ACL that permits only the port that you want to use. Creating an ACL for this will not affect the CPU at all.

HTH,

John

** Please rate useful posts **

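An added example, not part of the original thread: a small Python check that can be run over a saved running-config to see which vty lines still accept Telnet, lack an inbound access-class, or carry a rotary. The sample config and the finding names are constructed for illustration, and the rotary port arithmetic follows the 30xx/70xx description in the replies above.

```python
import re

# Constructed sample running-config (not from the thread's routers); the first
# vty block mirrors the rotary + access-class layout discussed above.
SAMPLE_CONFIG = """\
access-list 123 permit tcp any any eq 7034
!
line vty 0 4
 access-class 123 in
 rotary 34
 login
line vty 5 15
 access-class 10 in
 transport input ssh
 login local
"""


def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip() if raw.startswith("line vty") else None
            if current is not None:
                blocks[current] = []
    return blocks


def audit_vty(config):
    """Return {vty header: [finding, ...]} for remote-access exposure."""
    report = {}
    for header, cmds in vty_blocks(config).items():
        found = []
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transport:
            # Assumption: never rely on the platform default; review manually.
            found.append("transport-input-not-set")
        elif {"telnet", "all"} & set(transport[-1]):
            found.append("telnet-allowed")
        if not any(c.startswith("access-class") and c.split()[2:3] == ["in"] for c in cmds):
            found.append("no-inbound-access-class")
        for c in cmds:
            m = re.fullmatch(r"rotary (\d+)", c)
            if m:  # ports 3000+N and 7000+N, as described in the thread
                n = int(m.group(1))
                found.append(f"rotary-ports-{3000 + n}-{7000 + n}")
        report[header] = found
    return report
```

Calling `audit_vty(SAMPLE_CONFIG)` returns an empty list for a vty block that is SSH-only with an inbound access-class, and a list of findings for anything else.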