Re: RDP

From: Luca Hall (lhall@setnine.com)
Date: Fri May 02 2008 - 20:23:54 ART


You know what's a really bad idea? Pasting your config that has 1) your
username 2) your MD5 hash 3) your box's IP 4) the ACL that protects that
box. Someone could grab that info, load it up in rainbow crack/john/cain
etc. and have your password in probably 10 minutes. _Especially_ since your
live production box has "ETRADE" in the name I would guess that makes it
even more likely someone would do this, if they haven't already...

> I am using the below mentioned commands for RDP to access one of my servers
> from outside and am getting connection refused,
> *FW-ASA*
>
> *x.x.x.x NAT and fw outside interface IP*
>
> static (inside,Net_Outside) x.x.x.x 192.168.2.254 netmask 255.255.255.255
>
> access-list Net_Outside extended permit tcp any host x.x.x.x eq 3389
> ----------------------------------------
>
> *Router*
>
>
> XB-ETRADE#show run
> Building configuration...
>
> Current configuration : 3807 bytes
> !
> version 12.4
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname DXB-ETRADE
> !
> boot-start-marker
> boot-end-marker
> !
> !
> no aaa new-model
> !
> !
> ip cef
> !
> !
> multilink bundle-name authenticated
> !
> !
> !
> !
> !
> username author privilege 15 secret 5 $1$fTt/$n8leY1OIVsYbxdnNnpyjg.
> !
> vlan internal allocation policy ascending
> bridge irb
> !
> !
> !
> interface FastEthernet0/0
> description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
> no ip address
> no ip proxy-arp
> duplex auto
> speed auto
> bridge-group 32
> !
> interface FastEthernet0/1
> ip address 83.111.68.254 255.255.255.252
> ip access-group 103 in
> no ip proxy-arp
> duplex auto
> speed auto
> !
> interface Serial0/0/0
> no ip address
> shutdown
> clock rate 2000000
> !
> interface Serial0/1/0
> description "Lease Line 314311786"
> no ip address
> no ip proxy-arp
> shutdown
> clock rate 2000000
> !
> interface FastEthernet0/2/0
> description "Lease Line 314311786"
> ip address 83.111.69.54 255.255.255.252
> ip access-group 103 in
> no ip proxy-arp
> duplex auto
> speed auto
> !
> interface FastEthernet0/3/0
> no ip address
> no ip proxy-arp
> duplex auto
> speed auto
> bridge-group 33
> !
> interface BVI32
> ip address 83.111.74.73 255.255.255.248
> ip policy route-map etrade
> !
> interface BVI33
> ip address 83.111.a.b 255.255.255.248
> ip policy route-map mail
> !
> ip route 0.0.0.0 0.0.0.0 83.111.68.253
> ip route 0.0.0.0 0.0.0.0 83.111.69.53
> !
> !
> no ip http server
> ip http authentication local
> no ip http secure-server
> ip http timeout-policy idle 5 life 86400 requests 10000
> !
>
> access-list 103 permit tcp any eq www any
> access-list 103 permit tcp any eq 8080 any
> access-list 103 permit tcp any eq pop3 any
> access-list 103 permit tcp any eq smtp any
> access-list 103 permit tcp any eq domain any
> access-list 103 permit udp any eq domain any
> access-list 103 permit tcp any eq telnet any
> access-list 103 permit tcp any eq 143 any
> access-list 103 permit tcp any eq 443 any
> access-list 103 permit tcp any eq ftp any
> access-list 103 deny tcp any eq 445 any
> access-list 103 permit tcp any any eq www
> access-list 103 permit tcp any any eq 443
> access-list 103 permit tcp any any eq 500
> access-list 103 permit udp any any eq isakmp
> access-list 103 permit esp any any
> access-list 103 permit tcp any any eq telnet
> access-list 103 permit udp any range 48129 48192 any
> access-list 103 permit tcp any range 8209 8220 any
> access-list 103 permit tcp any range 8194 8198 any
> access-list 103 permit tcp any range 8290 8294 any
> access-list 103 permit tcp any range 1025 6000 any
> access-list 103 permit tcp any eq 8804 any
> access-list 103 permit tcp any eq 8805 any
> access-list 103 permit tcp any eq 37 any
> access-list 103 permit tcp any eq 12345 any
> access-list 103 permit tcp any eq 22256 any
> access-list 103 permit tcp any eq 22277 any
> access-list 103 permit tcp any eq 33331 any
> access-list 103 permit tcp any eq 22266 any
> access-list 103 permit tcp any any eq 3389
> snmp-server community rasmala RW
> snmp-server enable traps snmp linkdown linkup coldstart warmstart
> snmp-server host 192.168.2.50 version 2c zbc
> no cdp run
> route-map etrade permit 10
> match ip address 1
> set interface FastEthernet0/1
> !
> route-map etrade permit 20
> match ip address 2
> set interface FastEthernet0/2/0
> !
> route-map mail permit 10
> match ip address 1
> set interface FastEthernet0/1
> !
> !
> !
> control-plane
> !
> bridge 32 protocol ieee
> bridge 32 route ip
> bridge 33 protocol ieee
> bridge 33 route ip
> banner login ^CC Property of Al-Ameen ^C
> !
> line con 0
> login local
> line aux 0
> line vty 0 4
> privilege level 15
> login local
> transport input telnet
> line vty 5 15
> privilege level 15
> login local
> transport input telnet
> !
> scheduler allocate 20000 1000
> !
> end
>
> DXB-ETRADE#
>
>
>
> Thanks in advance
>
>
> Mateen
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
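The reply's point about what leaks from a pasted running config can be turned into a pre-posting check. The script below is an added example, not from this thread or either poster: it scans IOS-style "show run" text for the items named in the reply (username/secret hashes and type 7 passwords, SNMP community strings, the hostname, and non-RFC1918 addresses), replaces each with a placeholder, maps public addresses to consistent stand-ins so the ACL and NAT logic stays readable for whoever is helping, and returns a findings list showing what was removed. The sample config and every hash, community string and address in it are constructed; the address policy (keep only RFC1918, loopback, masks and 0.0.0.0) is an assumption to adjust for your own environment.

```python
import ipaddress
import re

# Constructed sample, modelled on the kind of "show run" output pasted to a
# list. Hash, type 7 string, communities and addresses are all made up.
SAMPLE_CONFIG = """\
hostname EDGE-RTR-1
username author privilege 15 secret 5 $1$abcd$0123456789abcdefghijkl
enable password 7 094F471A1A0A
interface FastEthernet0/1
 ip address 203.0.113.254 255.255.255.252
 ip access-group 103 in
interface BVI32
 ip address 203.0.113.73 255.255.255.248
access-list 103 permit tcp any any eq 3389
snmp-server community public-rw RW
snmp-server host 192.168.2.50 version 2c trapcomm
banner login ^C Property of Example Corp ^C
line vty 0 4
 transport input telnet
"""

# Lines carrying material that should never be posted. The 'secret' group is
# the token that gets replaced; everything else on the line is kept.
SECRET_PATTERNS = [
    # "secret 5 <hash>", "password 7 <string>", "password <plaintext>"
    ("credential", re.compile(r"\b(?:secret|password) (?:[057] )?(?P<secret>\S+)")),
    ("snmp-community", re.compile(r"^snmp-server community (?P<secret>\S+)")),
    ("snmp-community", re.compile(r"^snmp-server host \S+(?: version \S+)? (?P<secret>\S+)")),
    ("hostname", re.compile(r"^hostname (?P<secret>\S+)")),
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Addresses left untouched: RFC1918, loopback, 0.0.0.0 defaults/wildcards and
# 255.x.x.x netmasks. Anything else is treated as a public address (assumption).
KEEP_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8", "255.0.0.0/8",
)]


def is_internal(addr: str) -> bool:
    """True when the dotted quad may stay in the pasted config."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # not a real address (e.g. 999.1.1.1): leave as-is
    return any(ip in net for net in KEEP_NETS)


def redact_config(text: str):
    """Return (redacted_text, findings).

    findings is a list of (line_number, category, original_token) so the
    poster can review exactly what was stripped before sending.
    """
    findings = []
    ip_map = {}          # public address -> stable placeholder like <ip-1>
    out_lines = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # 1. credential material: replace only the secret token
        for category, pat in SECRET_PATTERNS:
            m = pat.search(line)
            if m:
                findings.append((lineno, category, m.group("secret")))
                line = line[:m.start("secret")] + "<REDACTED>" + line[m.end("secret"):]

        # 2. public addresses: same address always maps to the same placeholder
        def swap(m):
            addr = m.group(0)
            if is_internal(addr):
                return addr
            if addr not in ip_map:
                ip_map[addr] = f"<ip-{len(ip_map) + 1}>"
                findings.append((lineno, "public-ip", addr))
            return ip_map[addr]

        out_lines.append(IPV4.sub(swap, line))
    return "\n".join(out_lines) + "\n", findings


if __name__ == "__main__":
    redacted, found = redact_config(SAMPLE_CONFIG)
    print(redacted)
    for lineno, category, token in found:
        print(f"line {lineno}: removed {category} {token!r}")
```

Run it over the saved "show run" output and read the findings list before pasting the result; the placeholders keep the relationship between the NAT statement, the interface addresses and the ACL entries visible, which is what a helper on the list actually needs, while the hash, communities and real addresses never leave the box.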



This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:15 ART