>> At the risk of sounding self (well, company) centric, our (3Com) routers
>> can be set to allow no access but console. We then connect the console
>> port to a communications (terminal) server so that we can still connect
>> to it by telnet.
>At the risk of sounding dense, what's the difference between telnetting to
>a router and telnetting to a port on a terminal server that connects to the
>console port on the router?
What I was looking for in the original question was which systems that
provided routing/packet filtering could perform the same service for
*themselves*. Earlier I had observed that many attacks succeed because
the firewall/router that is protecting a domain is often the vector for
intrusion because it is not able to route/filter traffic for itself (and
if the nodename is XXX_7000 @
and the password is "CISCO" - don't laugh,
ignorance is curable)
Obviously, if such a device allows connection from the system console only
and that connection is to a PC or other device with a NIC on the inside
net, *that* traffic can be routed/filtered. (Thought about including that
in the original posting, decided "naaaaa, too kludgy").