The VTY sessions are set for SSH, is telnet still open?

I'm in the process of enabling SSH on all of my routers, switches and firewalls.  After upgrading the IOS to one that supports SSH, generating the crypto key and then setting all of the VTY sessions to SSH only, my security team informs me that telnet is still vulnerable to IP spoofing.  They can demonstrate that when they launch a telnet session to one of my routers, the telnet session will pause for maybe 2 seconds before receiving the message that the session was terminated by the router.  They claim this indicates that the router is responding to the telnet session and before the actual disconnect is forced they could IP spoof the box and cause a DOS.
I say balderdash, but without any proof I am forced to create a bunch of ACLs to specifically deny telnet.  Here is an example of my VTYs:
line vty 0 4
 access-class 23 in
 exec-timeout 30 0
 password 7 xxxxxxxxxxxxx
 logging synchronous
 transport preferred ssh
 transport input ssh
 transport output ssh
*The access list here is limiting access from a certain internal set of IPs.
Any thoughts?

Marcos,
Thank you for your time on this.  I believe I have found and corrected my issue.  In my first post I showed what the vty 0 4 sessions were set as.  What I failed to show was that the "vty 5 15" sessions were only set to "no exec".  So what was happening is that when I would telnet to the router, the session attempt would either walk down the list of VTY sessions looking for an open port or the router just bypassed the ones that were set for SSH and tried the first VTY port that was set for no exec.  This would allow for the telnet session to attempt to open but because the router was not allowing access to the command line interpreter, the router would reject the session attempt.
To correct this I simply set up all of my VTY sessions the same way, transport SSH in & transport SSH out.  The next attempt closed the telnet session immediately.  I still maintain there is no need for additional access-lists as I'm trying to keep my processors free from any additional load to allow them to process the payload traffic as efficiently as possible.
If anyone has any best practices they would care to leave here, I would be interested.
Sam
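
An audit for the situation described in the post above, added here as an example (not code from the thread or from Cisco): it reads a running-config and reports every "line vty" range that is not explicitly set to "transport input ssh". The sample config is constructed, and reporting a missing "transport input" as "unset" instead of assuming a platform default is an assumption of this example.

```python
import re

# Constructed sample modelled on the thread: vty 0 4 is SSH-only, while
# vty 5 15 carries only "no exec" and no transport restriction.
SAMPLE_CONFIG = """\
line vty 0 4
 access-class 23 in
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 5 15
 no exec
!
end
"""

def audit_vty_transport(config_text):
    """Map each (first, last) 'line vty' range to a finding string."""
    current = None  # vty range whose sub-commands are being read
    inputs = {}     # vty range -> protocols named on 'transport input'
    for raw in config_text.splitlines():
        header = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        words = raw.split()
        if header:
            first = int(header.group(1))
            current = (first, int(header.group(2) or first))
            inputs[current] = None  # None: no 'transport input' seen yet
        elif not raw.startswith(" "):
            current = None  # an unindented line closes the stanza
        elif current is not None and words[:2] == ["transport", "input"]:
            inputs[current] = set(words[2:])
    findings = {}
    for vty, protos in inputs.items():
        if protos is None:
            # Assumption: the platform default applies, so the range is
            # not proven SSH-only and is reported for review.
            findings[vty] = "unset"
        elif protos == {"ssh"}:
            findings[vty] = "ssh-only"
        elif protos == {"none"}:
            findings[vty] = "disabled"
        else:
            findings[vty] = "allows " + ",".join(sorted(protos))
    return findings

def lines_needing_fix(config_text):
    """VTY ranges not explicitly limited to SSH (or closed entirely)."""
    audit = audit_vty_transport(config_text)
    return sorted(v for v, f in audit.items() if f not in ("ssh-only", "disabled"))
```

Calling lines_needing_fix(SAMPLE_CONFIG) returns the vty 5 15 range, the one the first post did not show.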

Similar Messages

  • Hi, I have quick question about use of USEBEAN tag in SP2. When I specify a scope of SESSION for the java bean, it does not keep the values that I set for variable in the bean persistent.Thanks,Sonny

     

    Make sure that your bean is implementing the serializable interface and that
    you are accessing the bean from the session with the same name.
    Bryan

  • I recently downloaded a 10.6.8 update and a game program has now been reduced in size.  It's specifications are set for full screen, but it is about 1/4 of the size.  Any ideas how to fix?

    Hi, I have got the same problem but all is 1/4 the size have you fixed it?

  • My iPad Prefs are set for the side switch to Mute; but the speaker does not mute when the switch is moved down.

    That setting only works for system sounds like push notifications (emails and the like), some game sounds, keyboard clicks and things like that. If you want to mute all sounds you still have to turn the volume all the way down with the volume switch.

  • I can record and hear me recording through the computer's built in mic, but can't get the external mic and headphones to work., The preferences are set for the external mic and headphones...

    What operating system are you using? Is it on a Mac or a PC? Which preferences are set for external mic/headphones, Audition's or the computers?

  • Anyone having same prob as me? I updated to 8.1.3 and lost photo stream - all settings are set for photostream updating - the blue shirts at the Apple store seem to think that the feature was removed with the 8.1.3 update

    Is anyone having same prob as me? I updated to 8.3 and lost photo stream on my photos - all my settings are set for photostream updating - the blue shirts at the Apple store seem to think that the feature was removed from the phones with the 8.1.3 update but it is not mentioned anywhere on Apple's site

    found it
    http://gimutaowebsolution.com/missing-photos-on-ios-8-3-or-8-x/

  • The vibration on my iphone 5s. i tried restarting it that didn't work. i went to setting made sure vibration was on. i also tried changing the vibration that is set for when my phone rings and it didn't vibrate when i did that. what should i do?

    Check http://support.apple.com/kb/TS5419 and be sure both ends of the connection are properly updated.

  • What's the best iTunes import setting for highest quality and universality?

    Highest quality?
    Apple Lossless. (But the files are way big)
    Universality?
    MP3 (choose the bit rate you think sounds best and doesn't take too much space)

  • Although the proper options are set, firefox will not notify me "first" when I shut down firefox with multiple tabs open.

    Firefox should warn me before shutting down when I have more than one tab open. Although the proper options are set, it just shuts down. VERY PAINFUL.

    Would you check what you have with what I've listed in item #31 at
    * http://dmcritchie.mvps.org/firefox/firefox-problems.htm#tabslost
    Whether you do it the old way or the new way you can always pick up your last session from the History menu. So even if you choose not to restore your tabs at the end of session or are not asked, you still have the option to work from the last session through the History menu.
    You can make Firefox 8.0 look like Firefox 3.6.*, see numbered items 1-10 in the following topic: Fix Firefox 4.0 toolbar user interface, problems (Make Firefox 4.0 thru 8.0, look like 3.6). Whether or not you make changes, you should be aware of what has changed and what you have to do to use changed or missing features.
    * http://dmcritchie.mvps.org/firefox/firefox-problems.htm#fx4interface
    There is a lot more beyond those first 10 steps listed, if you want to make Firefox more functional.

  • SCOM - -500 Internal Server Error - There is a problem with the resource you are looking for, and it cannot be displayed

    Hi There,
    Need your assistance on the issue that we are facing in prod environment.
    We are able to open web console from remote machine and able to view monitoring pane as well as my workplace folders from console. Able to view and access alerts and other folder in the monitoring pane. We are able to view and access My Workplace folder and able to view the reports in Favorite Reports folder. But when I click on run Report we are getting the below error "500 Internal Server Error - There is a problem with the resource you are looking for, and it cannot be displayed."
    In our environment we have 3 servers one is SQL server and two are SCOM servers. Please advise how to fix this issue. Do we have to do any thing from SQL End?
    Errors: Event ID 21029: Performance data from the OpsMgr connector could not be collected since opening the shared data failed with error "5L".
     Event ID 6002 : Performance data from the Health Service could not be collected since opening the shared data failed with error 5L (Access is denied.).
    Regards,
    Sanjeev Kumar

    Duplicate thread:
    http://social.technet.microsoft.com/Forums/en-US/7675113e-49f0-4b3a-932b-4aceb3cfa981/scom-500-internal-server-error-there-is-a-problem-with-the-resource-you-are-looking-for-and-it?forum=operationsmanagerreporting

  • When I try to log in to my BC account I get a message that says this"Server Error in '/' Application.  The resource cannot be found.  Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its nam

    When I try to log in to my BC account I get a message that says this"Server Error in '/' Application.  The resource cannot be found.  Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.   Requested URL: /Admin/Index2.aspx"
    Any ideas???

    From the Safari menu bar, select
    Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
    and confirm. Test.

  • How do your turn off the "black and White" setting for the visually impaired?

    How do you turn off the "black and White" setting for the visually impaired?  Also known as the "triple Click"

    Settings>General>Accessibility>White on black--> Off

  • Pop Up: The software you are installing for this hardware has not passed Windows Logo testing - AntiVirus

    When deploying Endpoint Protection with SCCM 2012, some workstations are getting a popup saying:
    The software you are installing for this hardware has not passed Windows Logo
    testing and it references "Antivirus". Upon clicking continue anyway it finished installing.
    I'm not able to duplicate it on command and not sure why it's happening. Anyone else see this or have ideas on how to troubleshoot?

    Without a real screenshot (and maybe even being there), it's hard to say. IME this is not normal behavior and my first thought is that this is actually some malware causing this.
    Jason | http://blog.configmgrftw.com
    Sorry it took a while, was waiting for it to happen again. Here is an actual screen shot. I'm leaving it until I hear back from you guys. This client actually shows that the endpoint protection deployment state failed with this message:
    Description: 0x8004FF03.                                   
    InstallUpgradeOrUpdateInProgress=4.1.509.0

  • What is the best time to set for my iMac intel to get to sleep?

    What is the best time to set for my iMac Intel to get to sleep? The default is 10 minutes; I am changing it to 1 hour, but I put the sleep time for my monitor at 10 minutes. Is it decent?

    steve359 wrote: The longer it runs, the shorter the expected life (just plain logic),
    but if it MUST run 24x7, then likely one has budgeted for a new system
    within 3 years anyway.
    Not so sure of that "just plain logic." Allowing  sleep too often will cause wear on the drive -- excessive spin up and spin down. Temperature permitting, a drive will last longer if just left running.
    For other hardware, a lot will have to do with the internal temps. When it's quite hot here, I allow the computer to sleep more often. But otherwise, it's a bit of this and a bit of that. I wouldn't personally recommend running 24/7, although I know of several here who claim they do, with no apparent adverse effects over many years.

  • Windows 7 help The topic you are looking for is not available in this version of Windows

    When I click on help, I get this message:  The topic you are looking for is not available in this version of Windows.
    I forget what my topic was, however, that is the response for any I try to get help for.

    Hi Akikuno
    It sounds like you are having issues with your help not coming up when you need to use it. I am providing you a link to a Microsoft Forum Thread where they are addressing the exact error message you are receiving.
    http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/the-topic-you-are-looking-for-is-not-avail...
    I would like to thank you for posting on the HP Forums and hope this resolves your issue so you can go back to enjoying your HP product. Have a great day!
    Dunidar
    I work on behalf of HP
