North American Network Operators Group

Re: IOS 12.3(x) Strange service ports open on router
On Fri, 09 Apr 2004, Iljitsch van Beijnum wrote:

> On 9-apr-04, at 22:27, Pekka Savola wrote:
>
> > Another pet peeve of roughly the same category: when you enable IPv6,
> > telnet is automatically open to the world (using v6), even if you have
> > disabled v4 telnet with an access-list.
>
> > The vendor refused to believe this is a problem,
>
> Whether or not this is a problem is in the eye of the beholder, but
> from what I've seen, this is standard practice with any kind of packet
> filter. As far as I know, only hosts.allow-style tcp wrapping is
> agnostic about the IP version.
>
> If you want to run a new protocol, you have to configure filters for it
> unless you want to go through life unfiltered. That's the way things
> work.
>
> It's even worse with FreeBSD: if you firewall it to the teeth in v4 and
> disable v6 in the rc.conf, it will still run v6 with link-local
> addresses and allow access to the services that are filtered in v4.

Bad FreeBSD, no cookie for FreeBSD :)

But if you don't need IPv6, remove INET6 from your kernel config file, rc.conf is not the right place to do it either.

- yann
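The gap discussed in this thread, a service that is filtered for IPv4 but still answers over IPv6, can be audited on a host. The following is an added example, not part of the original post: it parses constructed FreeBSD-style `netstat -an` output, and the `FILTERED` table is a hypothetical, simplified stand-in for the host's real per-family filter rules.

```python
# Constructed sample in the style of FreeBSD `netstat -an -p tcp` output.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 *.23                   *.*                    LISTEN
tcp6       0      0 *.23                   *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp6       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
tcp6       0      0 fe80::1%lo0.80         *.*                    LISTEN
tcp4       0      0 192.0.2.10.22          198.51.100.7.50122     ESTABLISHED
"""

# Hypothetical, simplified view of the filter policy: ports that have an inbound
# restriction per address family (an assumption, not a real firewall rule format).
FILTERED = {"inet": {22, 23, 80}, "inet6": {22}}


def listening_ports(netstat_text):
    """Return {"inet": set(ports), "inet6": set(ports)} for LISTEN sockets."""
    ports = {"inet": set(), "inet6": set()}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN":
            continue  # header line or a socket that is not listening
        proto, local = fields[0], fields[3]
        port = local.rsplit(".", 1)[-1]  # BSD netstat joins address and port with "."
        if not port.isdigit():
            continue
        if proto in ("tcp4", "tcp46"):
            ports["inet"].add(int(port))
        if proto in ("tcp6", "tcp46"):
            ports["inet6"].add(int(port))
    return ports


def v6_filter_gaps(netstat_text, filtered):
    """Ports listening on IPv6 that are filtered for IPv4 but not for IPv6."""
    listening = listening_ports(netstat_text)
    return sorted((listening["inet6"] & filtered["inet"]) - filtered["inet6"])


if __name__ == "__main__":
    for port in v6_filter_gaps(SAMPLE_NETSTAT, FILTERED):
        print(f"tcp/{port}: filtered for IPv4, reachable over IPv6")
```

The link-local listener on port 80 is reported as well, which is the FreeBSD case raised in the quoted text.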