AS5300s running telnet daemon listening on high numbered ports

Discussion in 'Cisco' started by J, Jan 17, 2007.

  1. J

    J Guest

    We recently underwent a security scan of our network. One of the more
    common hits was on TCP ports in the 2000 or 6000 range on our AS5300s.
    All of them had telnet daemons listening on them and each of them
    handed out the login banner upon connection.

    I've seen this before when trying to set up a dialout server where you
    could essentially do a reverse telnet to a specific modem. I don't
    recall how to fix it though. These 5300s are on the public Internet in
    the heart of our service provider so we don't want them listening on
    these ports. Telnet is already shut down on the VTYs and SSH is
    restricted by IP. Suggestions?

    Thanks
    J
    J, Jan 17, 2007
    #1

  2. router(config)#line 1 48
    router(config-line)#transport input none

    This disables reverse telnet (reverse ssh, etc.) to your lines. Btw this is the
    default.

    Aaron

    ---

    ~ We recently underwent a security scan of our network. One of the more
    ~ common hits was on TCP ports in the 2000 or 6000 range on our AS5300s.
    ~ All of them had telnet daemons listening on them and each of them
    ~ handed out the login banner upon connection.
    ~
    ~ I've seen this before when trying to set up a dialout server where you
    ~ could essentially do a reverse telnet to a specific modem. I don't
    ~ recall how to fix it though. These 5300s are on the public Internet in
    ~ the heart of our service provider so we don't want them listening on
    ~ these ports. Telnet is already shut down on the VTYs and SSH is
    ~ restricted by IP. Suggestions?
    ~
    ~ Thanks
    ~ J
    Aaron Leonard, Jan 18, 2007
    #2
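An added example, not part of the thread and not Cisco tooling: a small Python audit that reads a saved configuration and lists the numbered TTY lines whose explicit `transport input` is anything other than `none`, together with the TCP ports a scan would find open. It assumes the listening port is the 2000 or 6000 base from the original post plus the absolute line number, treats a line with no `transport input` statement as closed (per the reply above), and runs on a constructed sample config.

```python
import re

# Port bases from the scan described in the thread (2000 and 6000 ranges).
REVERSE_BASES = (2000, 6000)

# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
line con 0
 transport input none
line 1 24
 modem InOut
 transport input all
line 25 48
 transport input none
line vty 0 4
 transport input ssh
"""

def exposed_tty_ports(config):
    """Map each numbered TTY line that accepts inbound connections to the
    TCP ports (base + absolute line number) it would answer on."""
    exposed = {}
    current = None  # absolute line numbers covered by the block being read
    for raw in config.splitlines():
        block = re.match(r"^line (\d+)(?: (\d+))?\s*$", raw)
        if block:
            first = int(block.group(1))
            last = int(block.group(2) or first)
            current = range(first, last + 1)
            continue
        if not raw.startswith(" "):
            # con/aux/vty blocks and any other top-level statement are out
            # of scope; VTY access is restricted separately.
            current = None
            continue
        setting = re.match(r"^\s+transport input (.+?)\s*$", raw)
        if setting and current is not None:
            protocols = setting.group(1).split()
            for n in current:
                if protocols == ["none"]:
                    exposed.pop(n, None)  # a later 'none' closes the line
                else:
                    exposed[n] = [base + n for base in REVERSE_BASES]
    return exposed

if __name__ == "__main__":
    for line_no, ports in sorted(exposed_tty_ports(SAMPLE_CONFIG).items()):
        print(f"line {line_no}: reachable on TCP {ports}")
```

Running it again on the configuration saved after the fix should return an empty result for lines 1 to 48.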

  3. J

    J Guest

    On Jan 18, 11:18 am, Aaron Leonard wrote:
    > router(config)#line 1 48
    > router(config-line)#transport input none
    >
    > This disables reverse telnet (reverse ssh, etc.) to your lines. Btw this is the
    > default.
    >
    > Aaron



    Aaron,

    Thank you very much! I figured it had to be something simple that I
    was overlooking. My eyes completely glossed over the other line
    statements. That fixed my problem. Thanks again

    J
    J, Jan 18, 2007
    #3
