|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: OK.
> > Moreover, and keeping with the operational charter of the newsgroup, I > > would not recommend that folks enable r* commands on their cisco > > routers. > > I have been thinking about this; and, I can't figure out why. If you can > in the cisco specifically tell it which machines to listen to for rsh > connections, and specifically tell it not to allow any enable commands, > how can it be bad? Well, if its possible to r* into a router, its possible to take advantage of a mistake by an administrator (forgetting to disable a service or temporarily enabling it and forgetting to AGAIN disable it) and get into the router. I think the primary reason for disabling r* commands is not so much because of inherrint problems but more to close potential holes and prevent accidents. ---------------------------------------------------------------------- Wayne Bouchard GlobalCenter [email protected] Primenet Network Operations Internet Solutions for (602) 416-6422 800-373-2499 x6422 Growing Businesses FAX: (602) 416-9422 http://www.primenet.com http://www.globalcenter.net ----------------------------------------------------------------------
|