Gert Doering wrote:
> Hi,
>
> On Fri, Jul 11, 2008 at 08:12:44PM +0300, Eugeniu Patrascu wrote:
> > If the PIX would be compromised, the attacker could also set up ACLs/NATs
> > so that he has access to the network.
>
> Only if he gets "enable" access.

Still, it's not really a reason - on the old CatOS switches you had to
be in enable mode before you could outbound telnet; there's no reason
that couldn't be repeated. And if you really didn't want telnet on the
PIX, ban it on the AAA server. :)
I imagine, as with all these features, the reason it doesn't exist is
not enough people want/ask for it.
Sam
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/