RE: (PM) PPPSmartAgent 1.0b5 available for open-beta

Stephen Zedalis (tintype@exis.net)
Thu, 11 Feb 1999 14:47:13 -0500 (EST)

On Thu, 11 Feb 1999, Patrick Muldoon wrote:

>You let any luser telnet to your PM's?
>
>Talk about a security hole.
>
>:)
>Patrick

This is not only true on telnets (not everyone can filter out everything) but
on dial-ins which you may not have set to (or be able to) filter before
authentication. The debug goes wherever the PM thinks the console is and
it has been shown in the past that this frequently can be a dial-in port.
Yes it is a massive security hole. <but...> Check the archives on this
topic, it has been discussed numerous times, bottom line is that Lucent
and many users aren't concerned about it. Only solutions at this point
are to filter telnets from as much as you can AND make sure you always
turn debugging off before you exit using it. If you get inadvertently
booted, get right back on and turn debugging off. (Make sure your scripts
never go wild and if they do, they must also log back on as well.) As
Lucent has said, "it's merely a training issue for sysadmins." Look at the
previous threads for an extremely lengthy discussion on all
problems/repercussions of this. Seems to me that if a telnet session
closes, debugging should automatically be turned off. I'd live with the
fact that even if I logged out of telnet on one session, it turned off
debugging in another. But that's me :)
