OK.
Wayne Bouchard
web at typo.org
Sun Nov 2 04:53:34 UTC 1997
> > Moreover, and keeping with the operational charter of the newsgroup, I
> > would not recommend that folks enable r* commands on their cisco
> > routers.
>
> I have been thinking about this; and, I can't figure out why. If you can
> in the cisco specifically tell it which machines to listen to for rsh
> connections, and specifically tell it not to allow any enable commands,
> how can it be bad?
Well, if its possible to r* into a router, its possible to take
advantage of a mistake by an administrator (forgetting to disable a
service or temporarily enabling it and forgetting to AGAIN disable it)
and get into the router.
I think the primary reason for disabling r* commands is not so much
because of inherrint problems but more to close potential holes and
prevent accidents.
----------------------------------------------------------------------
Wayne Bouchard GlobalCenter
web at primenet.com
Primenet Network Operations Internet Solutions for
(602) 416-6422 800-373-2499 x6422 Growing Businesses
FAX: (602) 416-9422
http://www.primenet.com http://www.globalcenter.net
----------------------------------------------------------------------
More information about the NANOG
mailing list