Re: Denying telnet to port 23 on VTY

From: John Meggers (jmeggers@adelphia.net)
Date: Wed Nov 08 2006 - 11:23:01 ART


So the question is whether using the rotary command adds another
Telnet port (and port 23 still works also), or whether it changes the
port on which Telnet will respond from port 23 to port 3003. I
honestly don't know the answer to that, but I will play with it. I
think clearly the "transport input xxx" command will disable Telnet
altogether, which is not what they're looking for. IPExpert has a
similar requirement in one of their labs and the solution is only the
rotary group.

John Meggers

On Nov 7, 2006, at 7:26 PM, secondie wrote:

> Thanks all for the response. Exact wording from the book.
>
> Change the telnet server to 3003. It should not answer to telnet
> request over port 23. Do not use access-list to accomplish this task.
>
> I was hoping that something can be done to the vty port configs
> (that obviously I do not know how to) to disable port 23 while
> keeping 3003 alive. Trinet solution just enables 3003 and does
> nothing to 23.
>
>
>
> -secondie
>
> Ben Holko wrote:
>> What seems to be a recurring theme in lab questions - think outside the
>> square
>>
>> If you have typed the question below correctly, then you should use the
>> rotary command, and then "telnet input ssh"
>>
>> But this will disable telnet......shock-horror, that is what the
>> question (notably the "deny all") is asking you to do:
>>
>>
>>> Enable VTY to accept telnet on port 3003 and deny all telnet access to
>>> VTY. ACL not allowed.
>>
>> It says "deny all telnet access", not "deny all telnet access on port 23"
>>
>> B.
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of secondie
>> Sent: Tuesday, November 07, 2006 1:05 PM
>> To: security@groupstudy.com; ccielab@groupstudy.com
>> Subject: Denying telnet to port 23 on VTY
>>
>> Question asks for: Enable VTY to accept telnet on port 3003 and deny
>> all telnet access to VTY. ACL not allowed.
>>
>> 3003 part is easy, use rotary but can port 23 be disabled on VTY line so
>> that telnet is not accepted on the VTY line?
>>
>> For those that have trinet security lab workbook, (Trinet superlab-1,
>> section 8.5, task#1)
>>
>>
>> -secondie



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART