Re: IOS 12.3(x) Strange service ports open on router

[Iljitsch van Beijnum <iljitsch () muada com>]

On 9-apr-04, at 22:27, Pekka Savola wrote:

> Another pet peeve of roughly the same category: when you enable IPv6,
> telnet is automatically open to the world (using v6), even if you have
> disabled v4 telnet with an access-list.

> The vendor refused to believe this is a problem,

Whether or not this is a problem is in the eye of the beholder, but 
from what I've seen, this is standard practice with any kind of packet 
filter. As far as I know, only hosts.allow-style tcp wrapping is 
agnostic about the IP version.

If you want to run a new protocol, you have to configure filters for it 
unless you want to go through life unfiltered. That's the way things 
work.

It's even worse with FreeBSD: if you firewall it to the teeth in v4 and 
disable v6 in the rc.conf, it will still run v6 with link-local 
addresses and allow access to the services that are filtered in v4.