Rusty, I'm not clear from your question if there is an acl blocking everything inbound to the nt servers except smtp and telnet or if the acl is for inbound to the router itself. In the former case, unless your client is forcing their users to use good passwords, it's likely that a brute force telnet attempt would succeed in anywhere from a few hours to a few days, ditto for brute force on the router. If they're not logging failed login attempts, they would never know this was occurring.
If they have no filtering of any kind inbound to their servers, there are many netbios/nt vulnerabilities that they could be susceptible to; without knowing more specifics about the patches applied and the services being run I can't give you anything more specific. You can search on securityfocus.com to see what might be applicable to your client.

One thing to keep in mind: for a small site the Cisco firewall feature set may be adequate. At the very least, a correctly configured access-list provides some rudimentary protection. See the cisco site or Phrack issue 52 (phrack.com) for info on Cisco router security.

Also, security works best when applied in layers. It's not enough to have a firewall; enabling centralized logging, patching and hardening servers, backup procedures and implementing change control procedures are just a few of the things that need to be done as well. A firewall is just the beginning.

HTH,
Kent

PS If you're trying to get your client to take security seriously, you should probably begin by asking business questions like: "What is the worth of the information contained on your servers? How long could you operate without that information? If you lost all of the information on your servers, could your business operate? Are you aware of how much money businesses lost last year due to security breaches according to the FBI/CSI annual report? Are you aware of the potential legal issues related to not following "due care" practices for securing your information infrastructure?" etc. etc.

On Wed, 2003-04-02 at 19:09, Wilmes, Rusty wrote:
> this is a general question for the security specialists.
>
> I'm trying to convince a client that they need a firewall....
>
> so hypothetically,
>
> if you had telnet via the internet open to a router (with an access list
> that allowed smtp and telnet) (assuming you didn't know the telnet password
> or the enable password) that had a bunch of nt servers on another interface,
> how long would it take a determined hacker a) to cause some kind of network
> downtime and b) to map a network drive to a share on a file server over the
> internet.
>
> Thanks,
> Rusty
>
> > -----Original Message-----
> > From: Larry Letterman [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, April 02, 2003 1:44 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VLAN loop problem [7:66656]
> >
> > Yes,
> > it prevents loops in spanning tree on layer 2 switches from
> > causing a loop by disabling the port on a cisco switch...
> >
> > Larry Letterman
> > Network Engineer
> > Cisco Systems
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > > Thomas N.
> > > Sent: Wednesday, April 02, 2003 12:18 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: VLAN loop problem [7:66656]
> > >
> > > What does "portfast bpdu-guard" do? Does it prevent interfaces with
> > > portfast enabled from causing the loop in my scenario?
> > >
> > > ""Larry Letterman"" wrote in message
> > > news:[EMAIL PROTECTED]
> > > > port mac address security might work, although it's a lot of admin
> > > > overhead..are you running portfast bpdu-guard on the access ports?
> > > >
> > > > Larry Letterman
> > > > Network Engineer
> > > > Cisco Systems
> > > >
> > > > ----- Original Message -----
> > > > From: Thomas N.
> > > > To: [EMAIL PROTECTED]
> > > > Sent: Tuesday, April 01, 2003 8:14 PM
> > > > Subject: VLAN loop problem [7:66656]
> > > >
> > > > Hi All,
> > > >
> > > > I got a problem in the production campus LAN here between VLANs. Please
> > > > help me out! Below is the scenario:
> > > >
> > > > We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is
> > > > enabled/allowed between the two subnets using the MSFC of the 6500. Each
> > > > subnet has a DHCP server to assign IP addresses to devices on its subnet.
> > > > Spanning-tree is enabled; however, portfast is turned on on all
> > > > non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an
> > > > IP address of 10.20.x.x, which is from the DHCP on the other scope and
> > > > also from the 10.10.x.x scope, and vice versa. It seems that we have a
> > > > loop somewhere between the 2 subnets but we don't know where. I
> > > > noticed lots of end users have a little unmanaged hub/switch hanging off
> > > > the network jacks in their cubicles and potentially causing a loop.
> > > >
> > > > Is there any way that we can block the loop on the Cisco switches
> > > > without visiting cubicles taking those little unmanaged hubs/switches?
> > > > Thanks!
> > > >
> > > > Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66761&t=66720
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
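Kent's reply makes two points that are easy to check in practice: with the router's vty reachable from the whole internet, a telnet brute force runs until it works, and if failed logins are not logged nobody ever sees it; and an inbound access-list is rudimentary protection, but only if its denies are logged and someone reads them. The script below is an added example, not part of the thread and not anything Kent or Rusty posted. It assumes the router ships syslog to a central host (the "centralized logging" layer Kent mentions), that login failures are logged in the %SEC_LOGIN-4-LOGIN_FAILED format IOS emits with `login on-failure log`, and that the ACL denies carry the `log` keyword so they appear as %SEC-6-IPACCESSLOGP. The sample lines, hostnames and addresses are constructed (RFC 5737 documentation ranges: 192.0.2.10 stands in for an NT server behind the router). The detector flags a source that racks up more than a threshold of failed logins inside a sliding window, and tallies what the ACL is dropping by protocol and destination port, which is the quickest way to show a client that someone really is probing netbios ports 135/137/139 from outside.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample syslog (not from the thread). LOGIN_FAILED lines are in the
# format IOS emits once "login on-failure log" is configured; IPACCESSLOGP lines
# come from an access-list entry that carries the "log" keyword.
SAMPLE_SYSLOG = """\
Apr  2 19:05:00 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: rusty] [Source: 198.51.100.7] [localport: 23] [Reason: Login Authentication Failed] at 19:05:00 UTC Wed Apr 2 2003
Apr  2 19:10:01 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 23] [Reason: Login Authentication Failed] at 19:10:01 UTC Wed Apr 2 2003
Apr  2 19:10:07 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 23] [Reason: Login Authentication Failed] at 19:10:07 UTC Wed Apr 2 2003
Apr  2 19:10:13 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.5] [localport: 23] [Reason: Login Authentication Failed] at 19:10:13 UTC Wed Apr 2 2003
Apr  2 19:10:19 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.5] [localport: 23] [Reason: Login Authentication Failed] at 19:10:19 UTC Wed Apr 2 2003
Apr  2 19:10:25 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.5] [localport: 23] [Reason: Login Authentication Failed] at 19:10:25 UTC Wed Apr 2 2003
Apr  2 19:10:31 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.5] [localport: 23] [Reason: Login Authentication Failed] at 19:10:31 UTC Wed Apr 2 2003
Apr  2 19:11:02 rtr1: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(41234) -> 192.0.2.10(139), 1 packet
Apr  2 19:11:03 rtr1: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(41235) -> 192.0.2.10(135), 1 packet
Apr  2 19:11:04 rtr1: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.5(41236) -> 192.0.2.10(137), 1 packet
Apr  2 19:15:00 rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: rusty] [Source: 198.51.100.7] [localport: 23] [Reason: Login Authentication Failed] at 19:15:00 UTC Wed Apr 2 2003
Apr  2 19:16:10 rtr1: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(3221) -> 192.0.2.10(139), 3 packets
"""

LOGIN_FAILED_RE = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<src>[\d.]+)\] \[localport: (?P<port>\d+)\] "
    r"\[Reason: [^\]]*\] at (?P<ts>\d\d:\d\d:\d\d UTC \w{3} \w{3} \d{1,2} \d{4})"
)
ACL_DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packet"
)


def parse_login_failures(text):
    """Return [(timestamp, source_ip, username)] for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = LOGIN_FAILED_RE.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%H:%M:%S UTC %a %b %d %Y")
            events.append((ts, m.group("src"), m.group("user")))
    return events


def find_bruteforce(events, threshold=5, window_seconds=60):
    """Per-source sliding window over failure times.

    Returns {source_ip: densest_count} for sources whose densest window holds
    at least `threshold` failures. A single source hammering the vty is the
    case Kent describes; an attacker spreading attempts over many addresses
    would stay under this per-source threshold, so pair it with a global count.
    """
    by_src = defaultdict(list)
    for ts, src, _user in events:
        by_src[src].append(ts)
    hits = {}
    for src, stamps in by_src.items():
        stamps.sort()
        start, best = 0, 0
        for end, t in enumerate(stamps):
            # slide the window start forward until it fits inside window_seconds
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[src] = best
    return hits


def summarize_acl_denies(text):
    """Packets dropped by the inbound ACL, keyed by (protocol, destination port)."""
    totals = Counter()
    for line in text.splitlines():
        m = ACL_DENY_RE.search(line)
        if m:
            totals[(m.group("proto"), int(m.group("dport")))] += int(m.group("pkts"))
    return totals


def report(text, threshold=5, window_seconds=60):
    """Combine both checks into one dict suitable for a daily summary."""
    events = parse_login_failures(text)
    return {
        "bruteforce": find_bruteforce(events, threshold, window_seconds),
        "denied": summarize_acl_denies(text),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_SYSLOG).items():
        print(key, dict(value))
```

On the sample, 203.0.113.5 trips the brute-force rule (six failures in thirty seconds, cycling through default account names) while the two failures from 198.51.100.7 ten minutes apart do not, and the deny summary shows the same source sweeping 135/137/139 on the NT host right after giving up on the vty. None of this is visible unless the router is actually told to log, which is Kent's point.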