[c-nsp] acess-list

Pete Templin petelists at templin.org
Thu Oct 30 08:31:34 EDT 2008

Peter Rathlev wrote:

> The router allocates the VTY from 0 an onwards, so the first person
> connecting gets VTY 0, next one VTY 1 and so on. There is practically no
> security benifits in having different ACLs on different VTYs. It is
> trivial for an attacker to starve e.g. VTY 0 - 4 so he can connect to
> VTY 5. In my eyes: Always treat every VTY the same.

What about the reverse logic, putting a tighter ACL on higher VTYs? 
I've heard of this as a safety valve: if too many connections are open 
to a router, the last few connections have to come from a key point.


More information about the cisco-nsp mailing list