Use ACLs to block. Not as simple as the command you're looking for.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Jacques Atlas"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Fri, 4 May 20
#2210 (R&S)(ISP/Dial) CCSI #98640
> 5G Networks, Inc.
> [EMAIL PROTECTED]
> (925) 260-2724
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jacques Atlas
> > Sent: Friday, May 04, 2001 4:09 PM
> >
The port is still listening and will reply with something like "Password
required but none set." If I don't want telnet (or whatever service), I'd
add it to my ACL incoming filters.
access-list 101 deny tcp any host 1.1.1.1 eq telnet
access-list 101 deny tcp any host 2.2.2.2 eq telnet
(1.1.1.1
an Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
>5G Networks, Inc.
>[EMAIL PROTECTED]
>(925) 260-2724
>
> > -Original Message-
> > From: John Starta [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, May 05, 2001 8:58 AM
> > To: Brian Dennis
> > Cc: [EMA
ian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724
> -Original Message-
> From: John Starta [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 05, 2001 8:58 AM
> To: Brian Dennis
> Cc: [EMAIL PROTECTED]
> Subject: RE: D
inal Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > john mcguinn
> > Sent: Friday, May 04, 2001 7:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Disable telnet port [7:3237]
> >
> >
> > config t
> > line
hi
On Sat, 5 May 2001, EA Louie wrote:
|If you have the right version of IOS, you can
|transport input ssh
that works :-)
thanks
--
jacques
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3293&t=3237
--
FAQ, list archives,
riginal Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> john mcguinn
> Sent: Friday, May 04, 2001 7:22 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Disable telnet port [7:3237]
>
>
> config t
> line vty 0 4
> transport input none
>
>
If you have the right version of IOS, you can
transport input ssh
and to answer Chuck's questions, there is a way to disable telnet and
everything else,
transport input none
- Original Message -
From: Jacques Atlas
To:
Sent: Friday, May 04, 2001 3:12 PM
Subject: RE: Disable t
config t
line vty 0 4
transport input none
You have successfully disabled telnet port.
Jack
- Original Message -
From: "Brian Dennis"
To:
Sent: Friday, May 04, 2001 7:21 PM
Subject: RE: Disable telnet port [7:3237]
> If you put an access-class in on the vty lines
An addendum to my message below: A port scan of the router after the vty's
are configured for "transport input none" will show nothing on port 23
(telnet) or port 221 (rlogin). Thus telnet and rlogin would appear to be
disabled.
jas
At 05:34 PM 5/4/01 -0700, John Starta wrote:
>How about conf
How about configuring the vty's for "transport input none". It doesn't
disable telnet perse, but it results in the router refusing connections to
it. (Out-of-band access recommended before applying; you will NOT be able
to telnet/rlogin to the router after applying.)
line vty 0 4
tra
TECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jacques Atlas
> Sent: Friday, May 04, 2001 4:09 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Disable telnet port [7:3237]
>
>
> On Fri, 4 May 2001, Chuck Larrieu wrote:
>
> |There is no option "no service telnet" on the
On Fri, 4 May 2001, Chuck Larrieu wrote:
|There is no option "no service telnet" on the IOS I have available to me.
:-) that was just an example of something that would be nice.
|Your choice would then become an access-list denying telnet to appropriate
|router interfaces. You can also apply ac
er.
HTH
Chuck
-Original Message-
From: Jacques Atlas [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 04, 2001 2:57 PM
To: Chuck Larrieu
Cc: [EMAIL PROTECTED]
Subject: RE: Disable telnet port [7:3237]
On Fri, 4 May 2001, Chuck Larrieu wrote:
|By "telnet port" do
On Fri, 4 May 2001, Chuck Larrieu wrote:
|By "telnet port" do you mean TCP port 23. Or do you mean the VTY's
|themselves?
|
|If the latter, the most effective way is to require a login but set no
|password.
|Eg
|
|Line vty 0 4
|Login
anyone know if you can _disable_ telnet to a cisco and only ss
By "telnet port" do you mean TCP port 23. Or do you mean the VTY's
themselves?
If the latter, the most effective way is to require a login but set no
password.
Eg
Line vty 0 4
Login
HTH
Chuck
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Victor C
17 matches
Mail list logo