Cisco 2621

[Ollie Whitehouse <ollie () DELPHISPLC COM>]

All,

During a recent attack & penetration test the following was discovered,
thought it might be interesting.

Router : 2621
Software : Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

The router's AUX line had been configured as follows:
line aux 0
 no exec
 password 7 **********
 login
 transport input all

The NMAP scan of that network showed the following:
Port       State       Service
23/tcp     open        telnet
2065/tcp   open        dlsrpn

Doing a who on the router showed the following also (this is while a
connection is open on port 2065):
2621router>who

    Line      User       Host(s)              Idle Location
  65 aux 0               incoming             00:00:32 192.168.0.1
* 66 vty 0               idle                 00:00:00 192.168.11.87

No exploitable, but just keep it in mind when you see port 2065 listening
;o).

Rgds

Ollie
-----
Ollie Whitehouse
Security Team Leader
Delphis Consulting
tel: +44 (0)20 79160200
mai: ollie () delphisplc com

This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure.  Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent.  Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
Delphis