RE: Denying telnet to port 23 on VTY

From: James Glenn (jglenn@epcusa.com)
Date: Tue Nov 07 2006 - 10:39:00 ART


"test message"

 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of dszarmach
Sent: Monday, November 06, 2006 10:27 PM
To: Rodrigo Paes; dszarmach
Cc: secondie@gmail.com; security@groupstudy.com; ccielab@groupstudy.com
Subject: RE: Denying telnet to port 23 on VTY

You should be able to do a static NAT without using an access list:

ip nat inside source static tcp 1.1.1.1 23 2.2.2.2 22222

That would blackhole the traffic, assuming nothing at 2.2.2.2 is
listening on 22222.

Doug Szarmach
Sr. Network Engineer
Community Foundation of Northwest Indiana, Inc.

-----Original Message-----
From: Rodrigo Paes [mailto:rpaes@pobox.com]
Sent: Monday, November 06, 2006 10:07 PM
To: dszarmach
Cc: secondie@gmail.com; security@groupstudy.com; ccielab@groupstudy.com
Subject: Re: Denying telnet to port 23 on VTY

On Mon, 6 Nov 2006 21:44:43 -0600
"dszarmach" <dszarmach@comhs.org> wrote:

> How about NAT 23 off to an IP that is static routed to null0...or
> perhaps some port that is not in use (if static routing is not
> allowed).
>
wouldn't that need an ACL?

[]s
rodrigo

--
=========================================
\     .-.     +++ Rodrigo Paes +++       \
/     /v\    CCIE #14054 (R&S and SP)    /
\    // \\   LPIC2 #19753                \ 
/   /(   )\  Linux User #324449          /
\    ^^-^^                               \
/   jabber: panfleto@jabber.org          /
\   gtalk : rodp43s@gmail.com            \
 ==========================================



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART