-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Aug 8, 2011, at 9:57 PM, Yuri Bank wrote:
> The problem with that assumption is that you're saying any TCP packet
> received on port 23 is part of a login attempt. This is not true. Someone
> could be port scanning, testing connectivity, etc.....
>
> My definition of a login attempt ( which I believe is technically correct)
> is when someone completes the TCP session and sends a username and password
> string, and conforms to the protocol. Unless that happens, it is not a login
> attempt.
You would be wrong. Authentication is not a requirement of the telnet protocol.
TCP connections are.
If I try to telnet to a VTY without a password set, it still counts as a login attempt, I did attempt to login to the router, it told me to go to hell.
The question is very specific in saying log all telnet access attempts. The successful or not is a red herring, there to screw with your perception of what is or isn't an access attempt.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJOQJl/AAoJEDSV5GS4KsJ4Hk8H/3XaXXyqkTnoNhC4HYchymf9
QFx/jrCSB3vqmbMWIBrtkJprkaEb/Dk/9yuCKi3ArT7Z6MDiQ4vReGBPnj091ktm
a6fBbIuX0PoLxvczD+Y67jZG0J+mf9g67PBqeDIDy7OrxrcNvzEDs/U9XJbG+84r
yr6YM7RlQ/IFZNaEH9OZ+P2wskzRlWh/2/rb34LdpnZaFNZVEnfwETJuf+aj3KN7
xWSan51iNgzTTzl6y0EgtV59Emgmmw7x+mIoqHaQ1xMwZoBXyl6XrBqlWh9Jum2n
UjpydZY9T6lWl2PgNXtPGXJhcWOCKx9cKFrXao/li4cwqNPWlC+4mptTf1r/Ilg=
=RnGP
-----END PGP SIGNATURE-----
Blogs and organic groups at http://www.ccie.net
Received on Mon Aug 08 2011 - 22:20:47 ART
This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART