[c-nsp] Telnet FROM a PIX Appliance?
Sam Stickland
sam_mailinglists at spacething.org
Tue Jul 1 15:55:56 EDT 2008
I can buy the comprising argument for a reason not to do this.
I think the reason most people here want to be able to do outbound
telnet is for troubleshooting - checking port connectivity and protocol
banners. Many times administrators are insistent that a server is
listening on such and such a port, and it's not. It's nice to be able to
troubleshoot problems in chunks.
Sam
Reuben Farrelly wrote:
> You also can't ssh from a PIX, but you can of course ssh to it.
>
> So it's not IMHO likely to be a case of "telnet being insecure", but
> avoiding -all- client sourced access from a PIX out to anything else
> which the PIX could potentially connect to.
>
> I suspect the thinking is that the PIX itself, if compromised, can't
> be used as a platform to launch into other devices in the network.
> Especially given it is probably one device which would normally have
> direct and unrestricted access to the private and DMZ networks in most
> topologies...
>
> Reuben
>
> On 1/07/2008 9:19 PM, Aaron R wrote:
>> Hi,
>>
>> As we all know Telnet is plaintext and insecure. I assume they have disabled
>> telnet from the firewall to encourage secure communication?
>> I don't see why else they would have disabled it. Having said this they
>> still enable telnet to the device which is a complete contradiction :P
>>
>> Cisco?
>>
>> Cheers,
>>
>> Aaron.