Unanswered Question
Aug 27th, 2005

when i write show logging i get the next massage: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from .

what is that massage?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
gpauwen Sat, 08/27/2005 - 23:17


that message typically appears when somebody is doing a port scan on your network, and the RSHELL port (TCP port 514) is commonly part of that scan.

Of course, somebody could also try actively to connect to your router using RSHELL, and that message would appear when the router is not configured as RSHELL or RCP server.

Can you try and find out to whom that IP address ( belongs ? It is a private space address and therefore, likely, originates in your own network...



gpauwen Sun, 08/28/2005 - 02:13


if you want to prevent RSHELL access to your router alltogether, you could configure an access list with the following line:

access-list 101 deny tcp any any eq 514

access-list 101 permit ip any any

If you already have an access list configured, you can just add the first line.

If you want specific hosts to be able to remote shell to your router, amend the access list accordingly, e.g.:

access-list 101 permit tcp host host eq 514

This would allow the host from your log output to access the router with IP address using RSHELL.

Does that make sense ?




This Discussion