[c-nsp] OT: Telnet lock-out vulnerability

Amol Sapkal amolsapkal at gmail.com
Mon Sep 20 05:15:57 EDT 2004


Hi, 
> Possibly.  You can clear the hung session without a reload, however.
> 
> from the console,
> Do a "show tcp brief" to find the wedged session to local port 23.
> Then "clear tcp tcb [hex address]"
> 
> This should restore your ability to telnet to the router.
> 
> You might consider limiting telnet via access-class on the vty lines.
> 
> --
> Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
> WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
> NetLojix Communications, Inc.  -  http://www.netlojix.com/
> 

Thanks for the above suggestion. What happened in my case was that I
was not able to see any hung sessions. If it were hung sessions, the
router would not have allowed me any further port 23 TCP connections
(which was not the case). I was still able to get through the TCP, but
the prompt never appeared.

-- 
Warm Regds,

Amol Sapkal

--------------------------------------------------------------------
An eye for an eye makes the whole world blind 
- Mahatma Gandhi
--------------------------------------------------------------------

