Re: Disable telnet port [7:3237]

Jason Roysdon Sat, 05 May 2001 20:43:20 -0700
That's actually the best method I've seen to date, and really only requires
adding two lines:

access-list 1 deny   any
line vty 0 4
 access-class 1 in

Of course, if you want it to not just "% Connection refused by remote host"
but just not respond period, you could make a route-map for all telnet
traffic to the router's ips and set it to forward to Null, and then they
just get nothing, period.  More work than it's worth, IMHO ;-)

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Brian Dennis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> If you put an access-class in on the vty lines that disables everything
like
> Chuck recommended no one will be able to telnet in. Also a port scan will
> not show anything on port 23. So telnet would appear to be disabled.
>
> There just isn't a way to actually turn off the telnet process on a Cisco
> router. If you really want to stop the telnet process you could power off
> the router but this would stop all the processes 8-)
>
> Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
> 5G Networks, Inc.
> [EMAIL PROTECTED]
> (925) 260-2724
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jacques Atlas
> > Sent: Friday, May 04, 2001 4:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Disable telnet port [7:3237]
> >
> >
> > On Fri, 4 May 2001, Chuck Larrieu wrote:
> >
> > |There is no option "no service telnet" on the IOS I have available to
me.
> >
> > :-) that was just an example of something that would be nice.
> >
> > |Your choice would then become an access-list denying telnet to
> > appropriate
> > |router interfaces. You can also apply access lists to the vty
> > ports to limit
> > |who can telnet in. nope, can't delete the vty lines either.
> >
> > acl's for all interfaces is way to complex.
> >
> > telnet is not an option. if you can stop the telnet daemon on a unix box
> > you should be able to do it on a cisco device, if it support another
form
> > of transport.
> >
> > owell
> >
> > --
> > jacques
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3346&t=3237
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disable telnet port [7:3237]

Reply via email to
