OK.

Wayne Bouchard web at typo.org
Sun Nov 2 04:53:34 UTC 1997


> >   Moreover, and keeping with the operational charter of the newsgroup, I 
> >   would not recommend that folks enable r* commands on their cisco
> >   routers.
> 
> I have been thinking about this; and, I can't figure out why. If you can
> in the cisco specifically tell it which machines to listen to for rsh
> connections, and specifically tell it not to allow any enable commands,
> how can it be bad?

Well, if it's possible to r* into a router, it's possible to take
advantage of a mistake by an administrator (forgetting to disable a
service or temporarily enabling it and forgetting to AGAIN disable it)
and get into the router.

I think the primary reason for disabling r* commands is not so much
because of inherent problems but more to close potential holes and
prevent accidents.

----------------------------------------------------------------------
Wayne Bouchard                             GlobalCenter
web at primenet.com                           
Primenet Network Operations                Internet Solutions for
(602) 416-6422   800-373-2499 x6422        Growing Businesses
FAX: (602) 416-9422
http://www.primenet.com                    http://www.globalcenter.net
----------------------------------------------------------------------
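
A check for the accident described in this message (an r* service left enabled, or a trusted host allowed enable-level commands), as an added example that is not part of the original post. It assumes the Cisco IOS `ip rcmd rsh-enable`, `ip rcmd rcp-enable` and `ip rcmd remote-host` configuration syntax; the sample config and the `audit_rcmd` name are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original message).
SAMPLE_CONFIG = """\
hostname edge1
!
ip rcmd rsh-enable
ip rcmd remote-host netops 192.0.2.10 netops
ip rcmd remote-host backup 192.0.2.11 root enable
no ip rcmd rcp-enable
!
line vty 0 4
 login
"""

# Assumed form: ip rcmd remote-host <local-user> <host> <remote-user> [enable [level]]
REMOTE_HOST = re.compile(
    r"^ip rcmd remote-host (\S+) (\S+) (\S+)(?: (enable)(?: (\d+))?)?$")
SERVICE = re.compile(r"^ip rcmd (rsh|rcp)-enable$")

def audit_rcmd(config_text):
    """Return (severity, message) findings for r* services in a saved config."""
    services, entries = set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SERVICE.match(line)      # lines starting with "no " do not match
        if m:
            services.add(m.group(1))
            continue
        m = REMOTE_HOST.match(line)
        if m:
            entries.append(m.groups())
    findings = [("warn", f"{svc} service is enabled") for svc in sorted(services)]
    for _local, host, remote, enable, _level in entries:
        if enable:
            # Trust entry that lets the remote user run privileged commands.
            findings.append(("high", f"{remote}@{host} may run enable-level commands"))
        elif not services:
            # Service is off now, but re-enabling it reactivates this trust.
            findings.append(("info", f"stale trust entry for {remote}@{host}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_rcmd(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Run against archived configs on a schedule, this catches the "temporarily enabled and never disabled again" case before someone else does.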


