nanog mailing list archives

Re: OK.


From: Wayne Bouchard <web () typo org>
Date: Sat, 1 Nov 1997 21:53:34 -0700 (MST)

  Moreover, and keeping with the operational charter of the newsgroup, I 
  would not recommend that folks enable r* commands on their cisco
  routers.

I have been thinking about this; and, I can't figure out why. If you can
in the cisco specifically tell it which machines to listen to for rsh
connections, and specifically tell it not to allow any enable commands,
how can it be bad?

Well, if it's possible to r* into a router, it's possible to take
advantage of a mistake by an administrator (forgetting to disable a
service or temporarily enabling it and forgetting to AGAIN disable it)
and get into the router.

I think the primary reason for disabling r* commands is not so much
because of inherent problems but more to close potential holes and
prevent accidents.

----------------------------------------------------------------------
Wayne Bouchard                             GlobalCenter
web () primenet com                           
Primenet Network Operations                Internet Solutions for
(602) 416-6422   800-373-2499 x6422        Growing Businesses
FAX: (602) 416-9422
http://www.primenet.com                    http://www.globalcenter.net
----------------------------------------------------------------------
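
The accident described in this message (an r* service enabled temporarily and never turned off again) can be caught by auditing saved configurations. The following is an added example, not part of the original post: it assumes Cisco IOS `ip rcmd` syntax, and the sample configuration, hostnames and usernames in it are constructed.

```python
import re

# Constructed sample of a saved router configuration (not from the original post).
SAMPLE_CONFIG = """\
hostname edge1
!
ip rcmd rsh-enable
no ip rcmd rcp-enable
ip rcmd remote-host netops 192.0.2.10 backup
ip rcmd remote-host netops 192.0.2.11 root enable
!
line vty 0 4
 login
"""

# Assumed form: ip rcmd remote-host <local-user> <host> <remote-user> [enable [level]]
REMOTE_HOST = re.compile(
    r"^ip rcmd remote-host (?P<local>\S+) (?P<host>\S+) (?P<remote>\S+)"
    r"(?P<enable> enable(?: \d+)?)?\s*$"
)


def audit_rcmd(config_text):
    """Return (finding, line) tuples for every active r* setting in the config."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("no ") or line.startswith("!"):
            continue  # explicitly disabled, or a comment separator
        if line in ("ip rcmd rsh-enable", "ip rcmd rcp-enable"):
            findings.append(("service-enabled", line))
            continue
        match = REMOTE_HOST.match(line)
        if match:
            # A trust entry that also grants enable-mode commands is the worse case.
            kind = "enable-allowed" if match.group("enable") else "host-trusted"
            findings.append((kind, line))
    return findings


if __name__ == "__main__":
    for kind, line in audit_rcmd(SAMPLE_CONFIG):
        print(f"{kind:16} {line}")
```

Run against each archived configuration, any non-empty result marks a router where r* access is still live and should be reviewed.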

