There's a mobile version of our website.
when i write show logging i get the next massage: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 172.20.50.18 .
what is that massage?
that message typically appears when somebody is doing a port scan on your network, and the RSHELL port (TCP port 514) is commonly part of that scan.
Of course, somebody could also try actively to connect to your router using RSHELL, and that message would appear when the router is not configured as RSHELL or RCP server.
Can you try and find out to whom that IP address (172.20.50.18) belongs ? It is a private space address and therefore, likely, originates in your own network...
if you want to prevent RSHELL access to your router alltogether, you could configure an access list with the following line:
access-list 101 deny tcp any any eq 514
access-list 101 permit ip any any
If you already have an access list configured, you can just add the first line.
If you want specific hosts to be able to remote shell to your router, amend the access list accordingly, e.g.:
access-list 101 permit tcp host 172.20.50.18 host 192.168.1.1 eq 514
This would allow the host from your log output to access the router with IP address 192.168.1.1 using RSHELL.
Does that make sense ?
Login to share your discussion activity with your friends on Facebook. You can control what you share and turn off sharing anytime.
Your Facebook friends can now see that you have started this discussion
Your Facebook friends can now see that you have commented on this discussion
Your Facebook friends can now see that you have read this discussion