From: Kinton Connelly (kinton@xxxxxxxxxxxx)
Date: Fri Aug 31 2001 - 19:49:20 GMT-3
Hi Andy. That's good advice for a production environment. My comments to
Jimmy were more in regards to the lab - where you shouldn't have to worry
about DoS attacks and where it benefits you to leave your connection
(usually via the console port) up all the time.
Kinton
At 8/31/01, andy lennon wrote:
>Kinton,
>
>It will if all of your vty lines get left in a connected state and
>remotely disconnected. Exec-timeout 0 0 will never time out, leaving you
>open to a DoS attack.
>
>
>Try exec-t 15 0
>
>For a 15 min kickout,
>
>Better still, tie vty 4 to a NOC address via an access-class, for a
>secure way in.
>
>Regs,
>
>Andy
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Kinton Connelly
>Sent: 29 August 2001 01:54
>To: Martyniak, James; CCIELAB (E-mail)
>Subject: Re: Funny/Stupid
>
>It was fear of just this sort of problem that drove me to change from using
>"no exec-t" to using "exec-t 0 0" - it's a keystroke or two more, but a
>fat-finger won't lock you out of the router. :-)
>
>Kinton
>CCIE #5867
>
>
>At 8/28/01, Martyniak, James wrote:
> >My lab is at work. Working on the lab from home I type my default config in
> >notepad including:
> >
> >line con 0
> > no exec (meaning no exec-timeout)
> >
> >I try to shortcut things too much sometimes! With no remote power cycle, I am
> >on my way to work to 0x2142 my routers!
> >
> >Jimmy Martyniak
> >Network Engineer
> >University of Pennsylvania Health System
> >(215)662-6243
> >**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:01 GMT-3
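
An added example, not part of the original thread: a small Python check that scans an IOS-style configuration for the points raised above (`no exec` on a line, `exec-timeout 0 0` or `no exec-timeout`, and no vty tied to an access-class). The sample configuration, ACL number 10 and the address 192.0.2.10 are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample config, not taken from the thread.
# 192.0.2.10 is a placeholder for the NOC address.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
!
line con 0
 no exec
line vty 0 3
 exec-timeout 0 0
line vty 4
 exec-timeout 15 0
 access-class 10 in
"""

def line_blocks(config):
    """Map each 'line ...' header to the list of its indented subcommands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # back at global config level
    return blocks

def audit(config):
    """Return (line header, issue) pairs for the problems raised in the thread."""
    findings, blocks = [], line_blocks(config)
    for header, cmds in blocks.items():
        timeout = 600  # IOS default exec-timeout is 10 minutes
        for cmd in cmds:
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
            if m:
                timeout = int(m.group(1)) * 60 + int(m.group(2) or 0)
            elif cmd == "no exec-timeout":
                timeout = 0  # same effect as exec-timeout 0 0
            elif cmd == "no exec":
                findings.append((header, "EXEC disabled, line cannot be used to log in"))
        if timeout == 0:
            findings.append((header, "sessions never time out"))
    vty = [c for h, c in blocks.items() if h.startswith("line vty")]
    if vty and not any(re.fullmatch(r"access-class \S+ in", c) for cmds in vty for c in cmds):
        findings.append(("line vty", "no vty restricted by an inbound access-class"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the console line for `no exec` and vty 0 3 for the disabled timeout, while vty 4 passes because it has both a 15 minute timeout and an inbound access-class.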