RE: Tracking Reverse Telnets

From: Horszczaruk Krzysztof (Krzysztof.Horszczaruk@xxxxxxxxxxxxx)
Date: Wed Jul 31 2002 - 13:41:50 GMT-3


   
What about "show tcp"?

>>>-----Original Message-----
>>>From: Peter Wodle [mailto:peter_wodle@hotmail.com]
>>>Sent: Wednesday, July 31, 2002 4:40 PM
>>>To: neil@droopy.com
>>>Cc: security@groupstudy.com; ccielab@groupstudy.com
>>>Subject: Re: Tracking Reverse Telnets
>>>
>>>
>>>I get vty IP address but not TTY device address. Also tried WHO, same output as sho user.
>>>
>>>How about debug, but not sure what type of traffic to debug?
>>>
>>>
>>>>From: Neil Moore <neil@droopy.com>
>>>>To: Peter Wodle <peter_wodle@hotmail.com>
>>>>CC: security@groupstudy.com, <ccielab@groupstudy.com>
>>>>Subject: Re: Tracking Reverse Telnets
>>>>Date: Wed, 31 Jul 2002 10:37:05 -0400 (EDT)
>>>>
>>>>Hmm that is strange on mine
>>>>TerminalServer#show users
>>>> Line User Host(s) Idle Location
>>>> 10 tty 10 incoming 00:04:02 frameswitch
>>>> 16 tty 16 incoming 00:00:19 light.internal.droopy.com
>>>>* 18 vty 0 frameswitch 00:03:52 light.internal.droopy.com
>>>>
>>>>and I have tty16 is 2016 and tty10 is my 2010 and location is where I came from.
>>>>
>>>>-Neil
>>>>
>>>>On Wed, 31 Jul 2002, Peter Wodle wrote:
>>>>
>>>> > this does not list IP address
>>>> >
>>>> >
>>>> > >From: Neil Moore <neil@droopy.com>
>>>> > >To: Peter Wodle <peter_wodle@hotmail.com>
>>>> > >CC: security@groupstudy.com, <ccielab@groupstudy.com>
>>>> > >Subject: Re: Tracking Reverse Telnets
>>>> > >Date: Wed, 31 Jul 2002 10:26:45 -0400 (EDT)
>>>> > >
>>>> > >show users
>>>> > >-Neil
>>>> > >
>>>> > >On Wed, 31 Jul 2002, Peter Wodle wrote:
>>>> > >
>>>> > > > Is there any way to track which IP address host is reverse telnetting to a
>>>> > > > port e.g. 2004 via my terminal server?
>>>> > > >
>>>> > > >
>>>> > > >
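
Added example, not part of the original thread: a Python parser that reads `show users` output like the one Neil posted and reports, for each reverse-telnet port, the host the session came from. It assumes port = 2000 + line number (as in the thread, tty16 is 2016), that idle time is printed as HH:MM:SS, and that "incoming" in the Host(s) column marks an inbound session; the function names are hypothetical.

```python
import re

# Constructed sample: the `show users` output quoted in the thread,
# with the mail client's line wraps rejoined.
SHOW_USERS = """\
    Line       User       Host(s)       Idle       Location
  10 tty 10               incoming      00:04:02   frameswitch
  16 tty 16               incoming      00:00:19   light.internal.droopy.com
* 18 vty 0                frameswitch   00:03:52   light.internal.droopy.com
"""

ROW = re.compile(r"^\*?\s*(\d+)\s+(con|aux|tty|vty)\s+(\d+)\s+(.*)$")
IDLE = re.compile(r"^\d+:\d{2}:\d{2}$")   # assumption: idle shown as HH:MM:SS
REVERSE_TELNET_BASE = 2000                # per the thread: tty16 is port 2016


def parse_show_users(text):
    """Return one dict per session row; header and blank lines are skipped."""
    sessions = []
    for raw in text.splitlines():
        m = ROW.match(raw.strip())
        if not m:
            continue
        line_no, kind, _rel, rest = m.groups()
        tokens = rest.split()
        # The User column may be empty, so locate the idle timer first and
        # read the other columns relative to it.
        idle_at = next((i for i, t in enumerate(tokens) if IDLE.match(t)), None)
        if not idle_at:          # no timer found, or nothing before it
            continue
        sessions.append({
            "line": int(line_no),
            "type": kind,
            "user": " ".join(tokens[:idle_at - 1]),
            "host": tokens[idle_at - 1],
            "location": " ".join(tokens[idle_at + 1:]),
        })
    return sessions


def reverse_telnet_sources(text):
    """Map reverse-telnet port -> source host for inbound tty sessions."""
    return {REVERSE_TELNET_BASE + s["line"]: s["location"]
            for s in parse_show_users(text)
            if s["type"] == "tty" and s["host"] == "incoming"}


if __name__ == "__main__":
    for port, src in sorted(reverse_telnet_sources(SHOW_USERS).items()):
        print(f"port {port} <- {src}")
```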


