rshell

Unanswered Question
Aug 27th, 2005

when i write show logging i get the next massage: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 172.20.50.18 .

what is that massage?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
gpauwen Sat, 08/27/2005 - 23:17

Hello,

that message typically appears when somebody is doing a port scan on your network, and the RSHELL port (TCP port 514) is commonly part of that scan.

Of course, somebody could also try actively to connect to your router using RSHELL, and that message would appear when the router is not configured as RSHELL or RCP server.

Can you try and find out to whom that IP address (172.20.50.18) belongs ? It is a private space address and therefore, likely, originates in your own network...

HTH,

GP

gpauwen Sun, 08/28/2005 - 02:13

Hello,

if you want to prevent RSHELL access to your router alltogether, you could configure an access list with the following line:

access-list 101 deny tcp any any eq 514

access-list 101 permit ip any any

If you already have an access list configured, you can just add the first line.

If you want specific hosts to be able to remote shell to your router, amend the access list accordingly, e.g.:

access-list 101 permit tcp host 172.20.50.18 host 192.168.1.1 eq 514

This would allow the host from your log output to access the router with IP address 192.168.1.1 using RSHELL.

Does that make sense ?

Regards,

GP

Actions

Login or Register to take actions

This Discussion

Posted August 27, 2005 at 10:11 PM
Stats:
Replies:3 Avg. Rating:5
Views:957 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard