rshell

Unanswered Question
Aug 27th, 2005

when i write show logging i get the next massage: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 172.20.50.18 .

what is that massage?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
gpauwen Sat, 08/27/2005 - 23:17

Hello,

that message typically appears when somebody is doing a port scan on your network, and the RSHELL port (TCP port 514) is commonly part of that scan.

Of course, somebody could also try actively to connect to your router using RSHELL, and that message would appear when the router is not configured as RSHELL or RCP server.

Can you try and find out to whom that IP address (172.20.50.18) belongs ? It is a private space address and therefore, likely, originates in your own network...

HTH,

GP

amenash123 Sun, 08/28/2005 - 02:00

how can i prevent that?

gpauwen Sun, 08/28/2005 - 02:13

Hello,

if you want to prevent RSHELL access to your router alltogether, you could configure an access list with the following line:

access-list 101 deny tcp any any eq 514

access-list 101 permit ip any any

If you already have an access list configured, you can just add the first line.

If you want specific hosts to be able to remote shell to your router, amend the access list accordingly, e.g.:

access-list 101 permit tcp host 172.20.50.18 host 192.168.1.1 eq 514

This would allow the host from your log output to access the router with IP address 192.168.1.1 using RSHELL.

Does that make sense ?

Regards,

GP

Actions

Login or Register to take actions

This Discussion

Posted August 27, 2005 at 10:11 PM
Stats:
Replies:3 Overall Rating:5
Views:1088 Votes:0
Shares:0
Tags: No tags.
 

Discussions Leaderboard

Rank Username Points
1
Giuseppe Larosa
9,434
2
Paolo Bevilacqua
8,817
3
Richard Burts
8,489
4
Jon Marshall
7,058
5
Peter Paluch
5,481
Rank Username Points
Jon Marshall
242
Peter Paluch
90
Joseph W. Doherty
65
Leo Laohoo
50
Richard Burts
48