AS5300s running telnet daemon listening on high unnumbered ports

We recently underwent a security scan of our network. One of the more common hits was on TCP ports in the 2000 or 6000 range on our AS5300s. All of them had telnet daemons listening on them and each of them handed out the login banner upon connection.

I've seen this before when trying to set up a dialout server where you could essentially do a reverse telnet to a specific modem. I don't recall how to fix it though. These 5300s are on the public Internet in the heart of our service provider so we don't want them listening on these ports. Telnet is already shut down on the VTYs and SSH is restricted by IP. Suggestions?

Thanks J


router(config)#line 1 48
router(config-line)#transport input none

This disables reverse telnet (reverse ssh, etc.) to your lines. Btw this is the default.

Aaron

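To confirm the fix across a saved configuration, the following Python check (an added example, not part of the original thread) lists which async lines still accept inbound sessions and which TCP ports a scanner would see for them. It assumes the port is a base plus the absolute line number (2000 for telnet and 6000 for binary telnet as in the scan above, plus 4000 for raw TCP), treats a line block with no `transport input` statement as closed per the reply above, and runs on a constructed sample config.

```python
import re

# Reverse-connection port bases: telnet, raw TCP, binary telnet.
# Port = base + absolute line number (e.g. line 5 -> 2005, 4005, 6005).
PORT_BASES = (2000, 4000, 6000)

# Matches "line 1 48" or "line 7"; con/aux/vty blocks are deliberately skipped.
LINE_RE = re.compile(r"^line (\d+)(?: (\d+))?\s*$")
TRANSPORT_RE = re.compile(r"^\s+transport input (.+?)\s*$")

# Constructed sample, not taken from a real device.
SAMPLE = """\
line con 0
 transport input none
line 1 24
 modem InOut
 transport input all
line 25 48
 modem InOut
 transport input none
line vty 0 4
 transport input ssh
"""

def exposed_lines(config):
    """Return {line_number: transport} for async lines accepting inbound sessions."""
    exposed, current = {}, []
    for raw in config.splitlines():
        m = LINE_RE.match(raw)
        if m:
            first = int(m.group(1))
            current = list(range(first, int(m.group(2) or first) + 1))
            continue
        if not raw.startswith(" "):
            current = []          # any other top-level command ends the block
            continue
        t = TRANSPORT_RE.match(raw)
        if t and current:
            for n in current:
                if t.group(1) == "none":
                    exposed.pop(n, None)
                else:
                    exposed[n] = t.group(1)
    return exposed

def listening_ports(config):
    """TCP ports expected to answer for the exposed lines."""
    return sorted(base + n for n in exposed_lines(config) for base in PORT_BASES)
```

An empty result from `listening_ports` on the running configuration means no line block is left with an explicit inbound transport; a rescan of the 2000 and 6000 ranges should then agree.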

Aaron,

Thank you very much! I figured it had to be something simple that I was overlooking. My eyes completely glossed over the other line statements. That fixed my problem. Thanks again.

J