I have noticed instances of %RCMD-4-RSHPORTATTEMPT showing up in my router logs, could this be an attempt to hack into the router
I run a university network and the gateway router that manages NAT and our current access lists showed a number od instance of the %RCMD-4-RSHPORTATTEMPT statement in the syslogs. I wanted to verify that the only reason for such a log entry is an attempt to access the router itself or could this message be generated by someone attempting unsuccessfully to rshell to a device accross the router. If it was in fact an attempt to Rshell into the router I will act on this as an attempted hack.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...