Re: telnet traffic without access-class

From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sun Apr 29 2007 - 14:14:07 ART


Hi,

You actually have a bunch of options here:

1) Configure access-class "out" on R2's lines (e.g. console, vtys)
2) Configure access-group ingress on R6's interfaces
3) Configure filtering on intermediate devices (routers, switches)
4) Configure local policy routing on R2 to drop unwanted telnet traffic egress
5) Configure local policy routing on R6 to drop responses to unwanted traffic

Actually you may use option (5) to implement a really stealthy Telnet server
on IOS. That is, instead of sending a RST you may simply discard the SYN/ACK
responses to unwanted hosts, blackholing potential port scans.

HTH

-- 
Petr Lapukhov, CCIE #16379 (R&S/Security)
petr@internetworkexpert.com

Internetwork Expert, Inc. http://www.InternetworkExpert.com

2007/4/29, Dishan Gamage <dishanlg@gmail.com>:
>
> Hi group
>
> If a question asks you to
>
> permit only telnet traffic from R2's loopback0 to R6 using ACLs but
> cannot use access-class in R6,
>
> what should I do??
>
> tks in advance
>
> dishan
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
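To make options (2) and (5) from the reply above concrete, here is an added IOS configuration example. It is not Petr's or Dishan's config and is not taken from the thread; the addresses (150.1.2.2 for R2's Loopback0, 150.1.6.6 for R6) and the interface name (Serial0/0) are assumptions chosen for illustration.

```cisco
! --- Option 2: ingress ACL on R6's transit interface(s) ----------------
! Assumed addressing (not from the thread): R2 Loopback0 = 150.1.2.2,
! R6 = 150.1.6.6. Telnet is allowed only when sourced from R2's loopback;
! any other telnet toward R6 is dropped at the interface, and all other
! traffic is left alone.
ip access-list extended TELNET_TO_R6_IN
 permit tcp host 150.1.2.2 any eq telnet
 deny   tcp any any eq telnet
 permit ip any any
!
interface Serial0/0
 ip access-group TELNET_TO_R6_IN in
!
! Caveat: an interface ACL only covers the interfaces it is applied to,
! so "ip access-group TELNET_TO_R6_IN in" must go on every ingress path
! (including tunnel interfaces). R6's own outbound telnet sessions are
! unaffected because the ACL matches destination port 23, not source 23.
!
! --- Option 5: local policy routing on R6 (the "stealth" variant) -------
! "ip local policy" classifies packets that R6 itself generates. A telnet
! reply leaves R6 with source port 23; if it is NOT addressed to R2's
! loopback, the route-map sends it to Null0 instead of back to the sender.
! A scanner therefore sees neither a SYN/ACK nor a RST, so port 23 looks
! filtered rather than open or closed.
ip access-list extended TELNET_REPLIES_TO_UNWANTED
 deny   tcp any eq telnet host 150.1.2.2
 permit tcp any eq telnet any
!
route-map DROP_UNWANTED_TELNET permit 10
 match ip address TELNET_REPLIES_TO_UNWANTED
 set interface Null0
!
ip local policy route-map DROP_UNWANTED_TELNET
```

Verify with `show route-map DROP_UNWANTED_TELNET` (the policy-match counter should increase while an unwanted host is scanning) and `show ip access-lists`. Two caveats worth knowing before using the option (5) trick in anger: the `deny` entry in TELNET_REPLIES_TO_UNWANTED means "do not policy-route", so replies to R2's loopback follow the normal routing table; and because R6 still accepts the inbound SYN, each probe leaves a half-open TCP connection on R6 until the SYN/ACK retransmissions give up, which `show tcp brief` will list. Option (2) rejects the SYN before any TCP state is created and is the safer choice when the task allows it.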



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:38 ART