Re: Denying telnet to port 23 on VTY

From: christianus sandjaja (netwrangers@yahoo.com)
Date: Thu Nov 09 2006 - 07:47:55 ART

• Next message: Kulcsár: "RE: vlan-bridge"
• Previous message: Frank: "Re: vtp mode / pruning"
• Maybe in reply to: secondie: "Denying telnet to port 23 on VTY"
• Next in thread: John Meggers: "Re: Denying telnet to port 23 on VTY"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi
just try add this on your router which denying telnet. This question also
appears on my ccie sec lab attempt last month

access-list 101 permit tcp any
eq telnet any
route-map telnet permit 10
 match ip address 101
 set interface
null 0

ip local policy route-map telnet

then set line vty 0 4 as well

line
vty 0 4
login
password cisco
rotary 03
transport input telnet

I think
the
main point of this questions is you need to blackhole normal telnet using tcp
23.
After that if you test telnet normally it will not response but if you
telnet to port 3003 you can login as normally.CMIIW
thanks

chris

• Next message: Kulcsár: "RE: vlan-bridge"
• Previous message: Frank: "Re: vtp mode / pruning"
• Maybe in reply to: secondie: "Denying telnet to port 23 on VTY"
• Next in thread: John Meggers: "Re: Denying telnet to port 23 on VTY"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART