block telnet?

[sumgirl]

Admittedly basic, but how would I block telnet? Should I do that in the PIX or is it best to do that on router or switch?

I have inherited this stuff, and no one else around now to do it...so just looking for basic starting points.

 

[ADB100]

Block telnet to or from what? Are you talking about an Internet facing PIX that you don't want users to be able to telnet into? or are you wanting to stop users telnet'ing to Internet hosts?

Some more info might help....

Andy

 

[sumgirl]

Sorry, totally obvious detail I left out I guess. Assuming I want to block telnet access to from external world in through PIX.

Again, I know very very little and I am just trying to get moving in the right direction. Wish there was a dummies / all you need to keep things running type of book!

 

[lgarner]

Generally, use the Pix. That's what it's for.

The router also needs to protect itself by allowing only necessary inbound traffic that is destined for its interface, such as routing protocols. But general access-lists should be kept in one place, and the firewall is a good place.

 

[unclerico]

you would need to explicity permit telnet traffic (or any incoming traffic for that matter) inbound. By default traffic coming from the outside to the inside (lower security interface to higher security interface) is blocked. You would need to create an Access List and more than likely a NAT statement in order for this to work. If you're seeing inbound traffic and are wondering how to stop it, then perhaps it would be best if you posted a scrubbed copy of your config by issuing the sh run command.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)