I can buy the comprising argument for a reason not to do this.
I think the reason most people here want to be able to do outbound
telnet is for troubleshooting - checking port connectivity and protocol
banners. Many times administrators are insistent that a server is
listening on such and such a port, and it's not. It's nice to be able to
troubleshoot problems in chunks.
Sam
Reuben Farrelly wrote:
You also can't ssh from a PIX, but you can of course ssh to it.
So it's not IMHO likely to be a case of "telnet being insecure", but
avoiding -all- client sourced access from a PIX out to anything else
which the PIX could potentially connect to.
I suspect the thinking is that the PIX itself, if compromised, can't
be used as a platform to launch into other devices in the network.
Especially given it is probably one device which would normally have
direct and unrestricted access to the private and DMZ networks in most
topologies...
Reuben
On 1/07/2008 9:19 PM, Aaron R wrote:
Hi,
As we all know Telnet is plaintext and insecure. I assume they have disabled
telnet from the firewall to encourage secure communication?
I don't see why else they would have disabled it. Having said this they
still enable telnet to the device which is a complete contradiction :P
Cisco?
Cheers,
Aaron.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/