[nsp] telnet exploit on 3550 ?

Everett Dowd edowd at cox.net
Wed Dec 3 20:38:53 EST 2003


You need to restrict who can connect via telnet using ACLs. TACACS
restrictions don't do the same thing as the vty ACLs. I would restrict
where you can telnet to your 3550s from to a very select group of IPs...


YMMV

Everett


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jim Devane
Sent: Wednesday, December 03, 2003 6:24 PM
To: 'Dmitri Kalintsev'; cisco-nsp at puck.nether.net
Subject: RE: [nsp] telnet exploit on 3550 ?

D- 

I doubt it. 

They would have had to beat TACACS and we restrict TACACS responses from IP.

A reboot did clear it but I am concerned about the future.

Thanks,
Jim


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dmitri Kalintsev
Sent: Wednesday, December 03, 2003 2:25 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [nsp] telnet exploit on 3550 ?

Jim,

Somebody just guessed your password and got in. Also by the look of things
they have done what you should have done in the first place - created a vty
ACL to keep you out of it. Simple reboot won't help you much, I'm afraid.
You'll have to go through the password recovery procedure, via console
cable.

SY,

-- D.K.

On Mon, Dec 01, 2003 at 12:51:03PM -0800, Jim Devane wrote:
> All,
...

> However, is there a known exploit against telnet that is known? Below are
> the RSH attempts and the TACACS log of what happened and the "sh use" I
> cannot clear this line in my switch
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
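
A check for the vty ACL advice in this thread, as an added example that is not part of the original messages: it parses an IOS-style configuration and reports each `line vty` stanza that has no inbound `access-class`, or whose `access-class` differs from the one you expect or is not defined in the config. The sample configuration, ACL number 10 and the function names are constructed for illustration.

```python
import re

# Constructed sample config: vty 0 4 carries an ACL, vty 5 15 does not.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class 10 in
 transport input telnet
line vty 5 15
 transport input telnet
!
end
"""

def vty_stanzas(config):
    """Yield (vty_range, [sub-commands]) for every 'line vty' stanza."""
    name, body = None, []
    for line in config.splitlines():
        if not line.startswith(" "):      # any top-level command ends a stanza
            if name:
                yield name, body
            m = re.match(r"line vty (\d+(?: \d+)?)", line)
            name, body = (m.group(1) if m else None), []
        elif name:
            body.append(line.strip())
    if name:
        yield name, body

def audit_vty(config, expected_acl=None):
    """Return (vty_range, finding) pairs for vty lines that need review."""
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    defined |= set(re.findall(r"^ip access-list \S+ (\S+)", config, re.M))
    findings = []
    for name, body in vty_stanzas(config):
        acl = next((c.split()[1] for c in body
                    if re.match(r"access-class \S+ in\b", c)), None)
        if acl is None:
            findings.append((name, "no inbound access-class"))
        elif expected_acl is not None and acl != expected_acl:
            findings.append((name, "access-class %s is not the expected %s"
                             % (acl, expected_acl)))
        elif acl not in defined:
            findings.append((name, "access-class %s is not defined" % acl))
    return findings

if __name__ == "__main__":
    for vty, finding in audit_vty(SAMPLE_CONFIG, expected_acl="10"):
        print("line vty %s: %s" % (vty, finding))
```

Passing `expected_acl` also catches the case raised in the thread where someone other than the administrator has changed the ACL applied to the vty lines.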
