Ad Hoc Abuse Issues
IOS contains a number of features that may be maliciously exploited. These are of particular concern to operators of large networks who may have very little control over or knowledge of who is using the network, or for what purpose. The following template lists services and features that you should consider turning off:
no service fingerno service padno service udp-small-serversno service tcp-small-serversno ip bootp servers
The finger service is unnecessary for tracking who is logged into the router. The AAA architecture discussed in this section provides a superior set of services for that. Known security risks are associated with the finger service, so it is better disabled via no service finger. The pad service is a relic ...
Get Large-Scale IP Network Solutions (CCIE Professional Development) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
