[c-nsp] access-list
Pete Templin
petelists at templin.org
Thu Oct 30 08:31:34 EDT 2008
Peter Rathlev wrote:
> The router allocates the VTY from 0 and onwards, so the first person
> connecting gets VTY 0, next one VTY 1 and so on. There are practically no
> security benefits in having different ACLs on different VTYs. It is
> trivial for an attacker to starve e.g. VTY 0 - 4 so he can connect to
> VTY 5. In my eyes: Always treat every VTY the same.
What about the reverse logic, putting a tighter ACL on higher VTYs?
I've heard of this as a safety valve: if too many connections are open
to a router, the last few connections have to come from a key point.
pt
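
The "safety valve" layout raised in the reply above, as an added Cisco IOS configuration example that is not from either poster. The ACL numbers, the five-line VTY range and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```cisco
! Constructed example: ACL numbers and addresses are placeholders.
!
! ACL 10: general management sources, applied to the ordinary VTYs.
access-list 10 remark management subnets (assumed)
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 permit 198.51.100.0 0.0.0.255
access-list 10 deny   any log
!
! ACL 11: the single "key point" host, applied to the reserved VTY.
access-list 11 remark bastion host only (assumed)
access-list 11 permit host 192.0.2.10
access-list 11 deny   any log
!
! VTYs are handed out from 0 upward, so lines 0-3 fill first.
line vty 0 3
 access-class 10 in
 exec-timeout 10 0
 transport input ssh
!
! Last line: reached only when 0-3 are all in use, and then
! only a connection from the bastion host is accepted.
line vty 4
 access-class 11 in
 exec-timeout 10 0
 transport input ssh
```

With this layout, filling VTY 0 to 3 leaves only a line that accepts the bastion address, and `show line` shows which VTYs are occupied at that point.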