From: secondie (secondie@gmail.com)
Date: Tue Nov 07 2006 - 21:26:03 ART
Thanks all for the response. Exact wording from from the book.
Change the telnet server to 3003. It should not answer to telnet request
over port 23. Do not use access-list to accomplish this task.
I was hoping that some thing can be done to the vty port configs (that
obviously I do not know how to) to disable port 23 while keeping 3003
alive. Trinet solution just enables 3003 and does nothing to 23.
-secondie
Ben Holko wrote:
> What seems to be a recurring theme in lab questions - think outside the
> square
>
> If you have typed the question below correctly, then you should use the
> rotary command, and then "telnet input ssh"
>
> But this will disable telnet......shock-horror, that is what the
> question (notably the "deny all") is asking you to do:
>
>
>> Enable VTY to accept telnet on port 3003 and deny all telnet access to
>>
> VTY. ACL not allowed.
>
> It says "deny all telnet access", not "deny all telnet access on port
> 23"
>
> B.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> secondie
> Sent: Tuesday, November 07, 2006 1:05 PM
> To: security@groupstudy.com; ccielab@groupstudy.com
> Subject: Denying telnet to port 23 on VTY
>
> Question asks for: Enable VTY to accept telnet on port 3003 and deny
> all telnet access to VTY. ACL not allowed.
>
> 3003 part is easy, use rotary but can port 23 be disabled on VTY line so
> that telnet is not accepted on the VTY line?
>
> For those that have trinet security lab workbook, (Trinet superlab-1,
> section 8.5, task#1)
>
>
> -secondie
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART