Cisco 6Ks, telnet denied after scan
Datdamwuf Datdamwuf
datdamwuf at hotmail.com
Fri Jan 28 18:35:25 EST 2005
Scanning some Cisco Cat 6000 series and during the scan telnet access was
denied for about 30 minutes, happened on 4 of the devices.
Supposedly the 6Ks have a limited number of telnet sessions they can handle
simultaneously , about 10 at once.
Nessus was run pretty much in default config with unneeded plugin groups
turned off. I've searched the telnet plugins and can't find any that
*should* cause this behavior. We didn't do any brute forcing. I also didn't
see enough Cisco specific telnet plugins that would attempt a login to hit
the 10 session limit no matter how fast they ran...
Anyone seen something like this? Any pointers on where to look in the logs
to see if Nessus could have caused this? For all we know the engineers were
making config changes, willing to believe the scan could have been
responsible but of course: if you are doing an audit and anything goes wrong
it is always the security auditor that broke it....
TIA,
~D
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the Nessus
mailing list