I wish IOS had an option to display all the default
settings at times... like 'show running all' or
something.
--- Chris Brenton <[EMAIL PROTECTED]> wrote:
> "Brian J. Murrell" wrote:
> >
> > However, what I am interested in is disabling *all* of the
> > unnecessary services on the router. For example
> >
> > no cdp run
> >
> > Turns off CDP. Great. How about any others?
>
> It really depends on the version of IOS you are running. For example
> small-servers are enabled by default in 11.x but are off by default
> in 12.x.
>
> You really have to watch out for this because it can bite you. For
> example a "show running" will produce identical config files on both
> IOS versions even though small-servers is active on 11.x but disabled
> on 12.x. The reason the files look the same is that the config file
> only shows _variations_ from the default settings. With this in mind
> it's always a good idea to double check your config by running a port
> scan of the router once you have locked it down.
>
> With that said, try these:
>
> no service tcp-small-servers
> no service udp-small-servers
> no service finger
> no ip bootp server
> no ip http server
>
> Based on the above commentary, don't be concerned if you run these
> commands but "show running" does not display them. It's that "default
> setting" thing mentioned above. A port scan is still a good sanity
> check however.
>
> Additionally, you may also want to run these:
> no ip source-route
> banner incoming # Unauthorized access of this device is prohibited #
> no ip directed-broadcast (from interface config mode)
>
> HTH,
> Chris
> --
> **************************************
> [EMAIL PROTECTED]
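
The point made in the thread, that identical "show running" output can hide different effective settings on 11.x and 12.x, as an added Python example (not code from either poster). The function names and the sample config are constructed; the only defaults encoded are the small-servers ones stated above, and every other command is reported as "default unknown" rather than guessed.

```python
import re

# Defaults by IOS major version. Only the small-servers rows come from the
# thread; a command missing here has no default recorded (assumption-free).
DEFAULTS = {
    "service tcp-small-servers": {11: True, 12: False},
    "service udp-small-servers": {11: True, 12: False},
}

# Global commands named in the thread.
TRACKED = [
    "service tcp-small-servers", "service udp-small-servers",
    "service finger", "ip bootp server", "ip http server",
    "ip source-route", "cdp run",
]

def effective_services(ios_major, running_config):
    """Return {command: (state, source)}; state None means default unknown."""
    explicit = {}
    for raw in running_config.splitlines():
        line = re.sub(r"\s+", " ", raw.strip())
        if not line or line.startswith("!"):
            continue  # blank line or config comment
        negated = line.startswith("no ")
        cmd = line[3:] if negated else line
        if cmd in TRACKED:
            explicit[cmd] = not negated  # last occurrence wins
    result = {}
    for cmd in TRACKED:
        if cmd in explicit:
            result[cmd] = (explicit[cmd], "explicit")
        else:
            result[cmd] = (DEFAULTS.get(cmd, {}).get(ios_major), "default")
    return result

def needs_verification(result):
    """Commands left at a default that is on or unknown: check these on the
    device, for example with the port scan recommended in the thread."""
    return sorted(cmd for cmd, (state, source) in result.items()
                  if source == "default" and state is not False)

# Constructed sample: the same "show running" text from either IOS version.
SAMPLE = """\
hostname rtr1
!
no cdp run
no ip http server
"""

if __name__ == "__main__":
    for major in (11, 12):
        print(major, needs_verification(effective_services(major, SAMPLE)))
```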