I don't think it's so fishy and I don't think Cisco could be faulted in any
way.
My reading is that the "guy" was working with Cisco on a problem.
Therefore this "guy" must have some responsibility for the network.
Cisco would have to think that this guy knows what he's doing since he has
the wherewithal to get into the company's network and then get into routers
to configure them.
It depends I guess on how far your conspiracy feelings go, if the "guy" was
bogus and had all the passwords etc, then how is Cisco to know?
Doesn't TAC have to deal with a registered contact?
Kevin Wigle
----- Original Message -----
From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, 18 January, 2001 22:51
Subject: Re: Remote Telnet access via dial-up
> At 07:32 PM 1/18/01, Erick B. wrote:
> >I don't understand how companies can have main network
> >equipment (routers, etc) accessible over the internet
> >with telnet (and other mgmt services) running *with*
> >no passwords or filters. I see it on a regular
> >occurrence.
>
> That is amazing. But in this case the company had a lot of security, it
> sounds like. It was not possible to get into the routers until this guy
> opened up a backdoor and let Cisco engineers Telnet in over a dial-up line
> connected to his PC. I can't believe Cisco engineers would thwart their
> customer's security policy in that way. I think the story sounds fishy.
>
> Priscilla
>
>
> >--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > > At 10:31 PM 1/17/01, J Roysdon wrote:
> > > >Today I was at a site w/o internet access, but I
> > > needed to get Cisco into it to
> > > >save time relaying commands and information. I had
> > > a dial-up connection out
> > > >to my ISP, and then thought about the built-in
> > > Telnet server that Windows
> > > >2000 Professional has. I made a quick guest
> > > account for Cisco, and told
> > > >them my dial-up IP, which they could connect to,
> > > and then once telnetted
> > > >into my workstation, they were able to telnet out
> > > my NIC to the routers they
> > > >needed to get to. Only catch is that you can only
> > > have one session up
> > > >through it (enough for us):
> > >
> > > Good thing! Can you imagine the issues if you had
> > > just opened up port 23
> > > for the whole world? Good grief.
> > >
> > > I just asked a security expert at my company about
> > > this scenario and he
> > > took a sinister view. He wondered if the story was
> > > broadcast in order to
> > > > incite damage. I don't think that's the case, but
> > > this message did come
> > > from the same guy that posted photographs of his
> > > site for some reason. See
> > > the message about patch panels.
> > >
> > > Priscilla
> >
> >
>
>
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>