I don't understand how companys can have main network
equipment (routers, etc) accessible over the internet
with telnet (and other mgmt services) running *with*
no passwords or filters. I see it on a regular
occurance.
--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> At 10:31 PM 1/17/01, J Roysdon wrote:
> >Today I was a site w/o internet access, but I
> needed to get Cisco into it to
> >save time relaying commands and information. I had
> a dial-up connection out
> >to my ISP, and then thought about the built-in
> Telnet server that Windows
> >2000 Professional has. I made a quick guest
> account for Cisco, and told
> >them my dial-up IP, which they could connect to,
> and then once telnetted
> >into my workstation, they were able to telnet out
> my NIC to the routers they
> >needs to get to. Only catch is that you can only
> have one session up
> >through it (enough for us):
>
> Good thing! Can you imagine the issues if you had
> just opened up port 23
> for the whole world? Good grief.
>
> I just asked a security expert at my company about
> this scenario and he
> took a sinister view. He wondered if the story was
> broadcast in order to
> incite damange. I don't think that's the case, but
> this message did come
> from the same guy that posted photographs of his
> site for some reason. See
> the message about patch panels.
>
> Priscilla
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
