On Thu, 2009-04-02 at 15:33 -0700, Subba Rao wrote:
> I am using Nipper for verifying my Cisco configuration. Nipper is finding the "rlogin" service that is not in the configuration. I have searched the access lists and do not see it anywhere. The explanation by Nipper about this finding, "....Telnet protocol implemented by this service...." is confusing.
The problem, IMHO, is nipper. You might or might not have the rlogin service enabled, but nipper has so many false positives I find it almost useless. In my case, it caught some obvious things I had forgotten to do, but everything else was useless. For instance, from the nipper source code:

    struct vulnerability report_vuln_ios11 = {9, 0, 0, 12, 4, 0,
        "CVE-2007-0479", "22208", "IPv4 TCP listener denial of service",
        true, false, vuln_req_none, false, &report_vuln_ios12};

What the above means to nipper is that any IOS version 12.0.x, 12.1.x, 12.2.x, 12.3.x is vulnerable, while every 12.4.x version is OK. This is obviously false on *both* counts.

http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0...

I spent a lot of time trying to explain this to $corporate audit guy that had never even logged into a router, let alone had to choose a stable IOS version for 6500/7600 class hardware.
> Here is Nipper's output:
> <snip>
> Thank you in advance for any help.
> Subba Rao

-- 
Christopher McCrory
"The guy that keeps the servers running"
chrismcc@pricegrabber.com
http://www.pricegrabber.com

To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
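A model of the version-range logic the reply reads out of that struct, added here as an example and not nipper's own code: it parses the initializer, applies a flat numeric min/max check, and compares it with a train-aware check. The meaning of the six integers (first affected and first fixed version) and the per-train fixed-release table are assumptions made for illustration, not data from Cisco's advisory.

```python
import re
from typing import NamedTuple

# Initializer text as quoted in the reply above.
REPORT_VULN_IOS11 = '''struct vulnerability report_vuln_ios11 = {9, 0, 0, 12, 4, 0,
    "CVE-2007-0479", "22208", "IPv4 TCP listener denial of service",
    true, false, vuln_req_none, false, &report_vuln_ios12};'''

class VulnRange(NamedTuple):
    cve: str
    lo: tuple   # (major, minor, release) first affected, inclusive   [assumed field meaning]
    hi: tuple   # (major, minor, release) first fixed, exclusive       [assumed field meaning]

def parse_struct(src: str) -> VulnRange:
    """Pull the six leading version integers and the CVE id out of the C initializer."""
    m = re.search(r'\{\s*(\d+),\s*(\d+),\s*(\d+),\s*(\d+),\s*(\d+),\s*(\d+),\s*"([^"]+)"', src)
    if not m:
        raise ValueError("no vulnerability initializer found")
    n = tuple(int(x) for x in m.groups()[:6])
    return VulnRange(m.group(7), n[:3], n[3:])

def parse_ios(version: str):
    """'12.2(18)SXF5' -> ((12, 2, 18), 'SXF5'); the train suffix is kept separately."""
    m = re.fullmatch(r'(\d+)\.(\d+)\((\d+)\)([A-Za-z0-9]*)', version)
    if not m:
        raise ValueError(f"unrecognised IOS version: {version}")
    return tuple(int(x) for x in m.groups()[:3]), m.group(4)

def flat_check(rng: VulnRange, version: str) -> bool:
    """Verdict from a numeric interval only, which is how the reply reads nipper's table.
    The train suffix is ignored, so every train with the same numbers gets the same answer."""
    num, _train = parse_ios(version)
    return rng.lo <= num < rng.hi

# Constructed per-train table: first fixed release in each train.
# Placeholder values for illustration only, NOT taken from Cisco's advisory.
TRAIN_FIXED_EXAMPLE = {"SXF": (12, 2, 18), "T": (12, 4, 3), "": (12, 4, 0)}

def train_check(version: str, fixed=TRAIN_FIXED_EXAMPLE):
    """Train-aware verdict: True = vulnerable, False = fixed, None = unknown train (no guess)."""
    num, train = parse_ios(version)
    key = re.match(r'[A-Za-z]*', train).group(0)
    if key not in fixed:
        return None
    return num < fixed[key]
```

With the constructed table, 12.2(18)SXF5 is flagged by the flat check but not by the train-aware one, and 12.4(1)T is cleared by the flat check but flagged by the train-aware one, which is the "false on both counts" pattern the reply describes.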