We recently underwent a security scan of our network. One of the more common hits was on TCP ports in the 2000 or 6000 range on our AS5300s. All of them had telnet daemons listening on them and each of them handed out the login banner upon connection.
I've seen this before when trying to set up a dialout server where you could essentially do a reverse telnet to a specific modem. I don't recall how to fix it though. These 5300s are on the public Internet in the heart of our service provider so we don't want them listening on these ports. Telnet is already shut down on the VTYs and SSH is restricted by IP. Suggestions?
Thanks J