nanog mailing list archives
Re: OK.
From: Wayne Bouchard <web () typo org>
Date: Sat, 1 Nov 1997 21:53:34 -0700 (MST)
Moreover, and keeping with the operational charter of the newsgroup, I would not recommend that folks enable r* commands on their cisco routers.I have been thinking about this; and, I can't figure out why. If you can in the cisco specifically tell it which machines to listen to for rsh connections, and specifically tell it not to allow any enable commands, how can it be bad?
Well, if its possible to r* into a router, its possible to take advantage of a mistake by an administrator (forgetting to disable a service or temporarily enabling it and forgetting to AGAIN disable it) and get into the router. I think the primary reason for disabling r* commands is not so much because of inherrint problems but more to close potential holes and prevent accidents. ---------------------------------------------------------------------- Wayne Bouchard GlobalCenter web () primenet com Primenet Network Operations Internet Solutions for (602) 416-6422 800-373-2499 x6422 Growing Businesses FAX: (602) 416-9422 http://www.primenet.com http://www.globalcenter.net ----------------------------------------------------------------------
Current thread:
- Re: OK. Alex Rubenstein (Nov 01)
- Re: OK. Wayne Bouchard (Nov 03)