[nsp] tcp small servers not small enough
Jared Mauch
jared at puck.nether.net
Tue Oct 28 01:53:03 EST 2003
On Mon, Oct 27, 2003 at 08:58:13PM -0500, Ed Ravin wrote:
> When I turn on "service tcp-small-servers" on my 7200 box with 12.2(17a),
> these new ports appear:
>
> 7/tcp open echo
> 9/tcp open discard
> 13/tcp open daytime
> 19/tcp open chargen
>
> I only want echo and daytime to be available. Is there any way, other
> than ACLs on each interface, to disable them separately? I didn't see
> anything in the command-line help for "service tcp-small-servers", which
> appears to have no tunable settings other than the maximum number of
> servers.

If you run 12.2(18)S1 on your 7200, you could use the control-plane
QoS/rate-limit features in that release to lock down packets directed
to the router so you only provide echo and daytime.

I suggest using NTP or SNTP instead of daytime whenever possible;
most software supports it these days. You can also provide NTP
via broadcast/multicast to your LANs as well.

- jared
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
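
A sketch of the control-plane approach suggested in the reply, added here as an example and not taken from the original post: it drops TCP discard and chargen aimed at the router while leaving echo and daytime reachable. The ACL, class-map and policy-map names are hypothetical, and the syntax assumes the standard IOS MQC control-plane policing commands, so check it against the release you actually run.

```cisco
! Added example, not from the original thread. All names are hypothetical.
! Match only the small-server ports that should NOT be reachable.
ip access-list extended SMALL-SERVERS-BLOCK
 permit tcp any any eq discard
 permit tcp any any eq chargen
!
class-map match-all CM-SMALL-SERVERS-BLOCK
 match access-group name SMALL-SERVERS-BLOCK
!
! Police the matched traffic with both actions set to drop, so every
! packet to 9/tcp and 19/tcp destined to the router is discarded.
policy-map PM-CONTROL-PLANE
 class CM-SMALL-SERVERS-BLOCK
  police 8000 1500 1500 conform-action drop exceed-action drop
!
! Attach the policy to traffic punted to the route processor.
! Echo (7/tcp) and daytime (13/tcp) fall into class-default and pass.
control-plane
 service-policy input PM-CONTROL-PLANE
```

`show policy-map control-plane` displays per-class counters, which confirms whether the discard and chargen class is matching and dropping packets.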