[c-nsp] Telnet FROM a PIX Appliance?
Sam Stickland
sam_mailinglists at spacething.org
Sat Jul 12 04:55:25 EDT 2008
Gert Doering wrote:
> Hi,
>
> On Fri, Jul 11, 2008 at 08:12:44PM +0300, Eugeniu Patrascu wrote:
>
>> If the PIX would be compromised, the attacker could also set up ACLs/NATs
>> so that he has access to the network.
>>
>
> Only if he gets "enable" access.
>
>
Still, it's not really a reason - on the old CatOS switches you had to
be in enable mode before you could outbound telnet; there's no reason
that couldn't be repeated. And if you really didn't want telnet on the
PIX, ban it on the AAA server. :)
I imagine, as with all these features, the reason it doesn't exist is
not enough people want/ask for it.
Sam