Rik, thanks for the reply. I just wanted to allow a few users to do FTP on one of my
hosts, so I should allow only FTP ports.

Regards


-----Original Message-----
From: Rik [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 03, 2001 4:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Conduit Command


You are correct - anybody on the Internet can connect to host 1.1.1.1, which
is backwards compared to an access list on an IOS-based device.  As for the
protocol, any IP-based protocol can be used to connect to this host.

The security implications are pretty scary doing this.  If this host is
inside your internal network, then this would be a serious security threat
as someone could take control of that box and then have their way inside
your network, depending on what services are running.  I wouldn't do this
under any circumstances.  If you post a better idea of what you want to do,
I am sure that we can help you come up with a better, more secure solution.

Rik

"Muhammad Faheem" <[EMAIL PROTECTED]> wrote in message
news:F10CA2BAB231D211979A00805FC7A31A017A21A6@AFCOMP02...
> Hi All
>
> Can anybody tell me what's the meaning of the command "Conduit permit ip host
> 1.1.1.1 any"? To my understanding it's allowing anybody on the Internet to
> access the host using any protocol. Please correct me if I am wrong, and how
> harmful this could be for a secure environment.
>
> Regards
> Muhammad Faheem
> Systems Engineer
> Afcomp
> Hello : (9714)-3933878 / 3027338
> Fax   : (9714)-3933832
> Web  : www.afcomp.com
>

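The broad conduit discussed in this thread beside narrower forms for the FTP-only requirement, as an added example that is not from either poster. It uses PIX `conduit` syntax, assumes a static translation for 1.1.1.1 is already in place, and uses 203.0.113.10 as a constructed placeholder for a known client address.

```cisco
: From the thread: every IP protocol, from any source, to host 1.1.1.1
conduit permit ip host 1.1.1.1 any

: Narrower: remove the broad entry, then allow only TCP to the
: FTP control port (21) on 1.1.1.1, still from any source
no conduit permit ip host 1.1.1.1 any
conduit permit tcp host 1.1.1.1 eq ftp any

: Narrower still: same port, but only from one known client
: (203.0.113.10 is a constructed placeholder address)
conduit permit tcp host 1.1.1.1 eq ftp host 203.0.113.10

: Review what is configured afterwards
show conduit
```

This assumes the PIX FTP fixup (`fixup protocol ftp 21`) is enabled, so the data connection is tracked from the control session and needs no conduit of its own.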