Re: Disable telnet port [7:3237]

2001-05-05 Thread Jason Roysdon
Use ACLs to block. Not as simple as the command you're looking for. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Jacques Atlas"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > On Fri, 4 May 20

Re: Disable telnet port [7:3237]

2001-05-05 Thread Jason Roysdon
#2210 (R&S)(ISP/Dial) CCSI #98640 > 5G Networks, Inc. > [EMAIL PROTECTED] > (925) 260-2724 > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Jacques Atlas > > Sent: Friday, May 04, 2001 4:09 PM > >

Re: Disable telnet port [7:3237]

2001-05-05 Thread Jason Roysdon
The port is still listening and will reply with something like "Password required but none set." If I don't want telnet (or whatever service), I'd add it to my ACL incoming filters. access-list 101 deny tcp any host 1.1.1.1 eq telnet access-list 101 deny tcp any host 2.2.2.2 eq telnet (1.1.1.1

RE: Disable telnet port [7:3237]

2001-05-05 Thread John Starta
an Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 >5G Networks, Inc. >[EMAIL PROTECTED] >(925) 260-2724 > > > -Original Message- > > From: John Starta [mailto:[EMAIL PROTECTED]] > > Sent: Saturday, May 05, 2001 8:58 AM > > To: Brian Dennis > > Cc: [EMA

RE: Disable telnet port [7:3237]

2001-05-05 Thread Brian Dennis
ian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: John Starta [mailto:[EMAIL PROTECTED]] > Sent: Saturday, May 05, 2001 8:58 AM > To: Brian Dennis > Cc: [EMAIL PROTECTED] > Subject: RE: D

RE: Disable telnet port [7:3237]

2001-05-05 Thread John Starta
inal Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > john mcguinn > > Sent: Friday, May 04, 2001 7:22 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Disable telnet port [7:3237] > > > > > > config t > > line

Re: Disable telnet port [7:3237]

2001-05-05 Thread Jacques Atlas
hi On Sat, 5 May 2001, EA Louie wrote: |If you have the right version of IOS, you can |transport input ssh that works :-) thanks -- jacques Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3293&t=3237 -- FAQ, list archives,

RE: Disable telnet port [7:3237]

2001-05-04 Thread Brian Dennis
riginal Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > john mcguinn > Sent: Friday, May 04, 2001 7:22 PM > To: [EMAIL PROTECTED] > Subject: Re: Disable telnet port [7:3237] > > > config t > line vty 0 4 > transport input none > >

Re: Disable telnet port [7:3237]

2001-05-04 Thread EA Louie
If you have the right version of IOS, you can transport input ssh and to answer Chuck's questions, there is a way to disable telnet and everything else, transport input none - Original Message - From: Jacques Atlas To: Sent: Friday, May 04, 2001 3:12 PM Subject: RE: Disable t

Re: Disable telnet port [7:3237]

2001-05-04 Thread john mcguinn
config t line vty 0 4 transport input none You have successfully disabled telnet port. Jack - Original Message - From: "Brian Dennis" To: Sent: Friday, May 04, 2001 7:21 PM Subject: RE: Disable telnet port [7:3237] > If you put an access-class in on the vty lines

Re: Disable telnet port [7:3237]

2001-05-04 Thread John Starta
An addendum to my message below: A port scan of the router after the vty's are configured for "transport input none" will show nothing on port 23 (telnet) or port 221 (rlogin). Thus telnet and rlogin would appear to be disabled. jas At 05:34 PM 5/4/01 -0700, John Starta wrote: >How about conf

Re: Disable telnet port [7:3237]

2001-05-04 Thread John Starta
How about configuring the vty's for "transport input none". It doesn't disable telnet perse, but it results in the router refusing connections to it. (Out-of-band access recommended before applying; you will NOT be able to telnet/rlogin to the router after applying.) line vty 0 4 tra

RE: Disable telnet port [7:3237]

2001-05-04 Thread Brian Dennis
TECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Jacques Atlas > Sent: Friday, May 04, 2001 4:09 PM > To: [EMAIL PROTECTED] > Subject: RE: Disable telnet port [7:3237] > > > On Fri, 4 May 2001, Chuck Larrieu wrote: > > |There is no option "no service telnet" on the

RE: Disable telnet port [7:3237]

2001-05-04 Thread Jacques Atlas
On Fri, 4 May 2001, Chuck Larrieu wrote: |There is no option "no service telnet" on the IOS I have available to me. :-) that was just an example of something that would be nice. |Your choice would then become an access-list denying telnet to appropriate |router interfaces. You can also apply ac

RE: Disable telnet port [7:3237]

2001-05-04 Thread Chuck Larrieu
er. HTH Chuck -Original Message- From: Jacques Atlas [mailto:[EMAIL PROTECTED]] Sent: Friday, May 04, 2001 2:57 PM To: Chuck Larrieu Cc: [EMAIL PROTECTED] Subject: RE: Disable telnet port [7:3237] On Fri, 4 May 2001, Chuck Larrieu wrote: |By "telnet port" do

RE: Disable telnet port [7:3237]

2001-05-04 Thread Jacques Atlas
On Fri, 4 May 2001, Chuck Larrieu wrote: |By "telnet port" do you mean TCP port 23. Or do you mean the VTY's |themselves? | |If the latter, the most effective way is to require a login but set no |password. |Eg | |Line vty 0 4 |Login anyone know if you can _disable_ telnet to a cisco and only ss

RE: Disable telnet port [7:3237]

2001-05-04 Thread Chuck Larrieu
By "telnet port" do you mean TCP port 23. Or do you mean the VTY's themselves? If the latter, the most effective way is to require a login but set no password. Eg Line vty 0 4 Login HTH Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Victor C