At 07:32 PM 1/18/01, Erick B. wrote:
>I don't understand how companys can have main network
>equipment (routers, etc) accessible over the internet
>with telnet (and other mgmt services) running *with*
>no passwords or filters. I see it on a regular
>occurance.
That is amazing. But in this case the company had a lot of security, it
sounds like. It was not possible to get into the routers until this guy
opened up a backdoor and let Cisco engineers Telnet in over a dial-up line
connected to his PC. I can't believe Cisco engineers would thwart their
customer's security policy in that way. I think the story sounds fishy.
Priscilla
>--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > At 10:31 PM 1/17/01, J Roysdon wrote:
> > >Today I was a site w/o internet access, but I
> > needed to get Cisco into it to
> > >save time relaying commands and information. I had
> > a dial-up connection out
> > >to my ISP, and then thought about the built-in
> > Telnet server that Windows
> > >2000 Professional has. I made a quick guest
> > account for Cisco, and told
> > >them my dial-up IP, which they could connect to,
> > and then once telnetted
> > >into my workstation, they were able to telnet out
> > my NIC to the routers they
> > >needs to get to. Only catch is that you can only
> > have one session up
> > >through it (enough for us):
> >
> > Good thing! Can you imagine the issues if you had
> > just opened up port 23
> > for the whole world? Good grief.
> >
> > I just asked a security expert at my company about
> > this scenario and he
> > took a sinister view. He wondered if the story was
> > broadcast in order to
> > incite damange. I don't think that's the case, but
> > this message did come
> > from the same guy that posted photographs of his
> > site for some reason. See
> > the message about patch panels.
> >
> > Priscilla
>
>
>__________________________________________________
>Do You Yahoo!?
>Get email at your own domain with Yahoo! Mail.
>http://personal.mail.yahoo.com/
________________________
Priscilla Oppenheimer
http://www.priscilla.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
