From: CCIE5591 (ccie@optonline.net)
Date: Mon Oct 21 2002 - 21:33:10 GMT-3
I have not seen too many people using RSHELL to admin the router (I may be
wrong though).....
If this your internal router, ask your security person if they are testing
the security holes in the network nodes. Mostly security folks do port scans
and login attempts to test via different protocols to evaluate the security
threats.
If this is your outside (internet facing/public) router, make sure access
list exists to deny such attack and if you have IDS, get the access list
loaded and ready; set the RSHELL thresholds to squash the attack, if needed.
Manjeet Chawla
mchawla@optonline.net
CCIE #5591
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Ahmed
Mamoor Amimi
Sent: Monday, October 21, 2002 3:31 PM
To: chen yi; ccielab@groupstudy.com
Subject: Re: what's the meaning of this log?
This is a remote shell command. Your router is configured to accept remote
commands and someone attempted to execute a command on ur router.
-Mamoor
----- Original Message -----
From: "chen yi" <chenyinet@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Monday, October 21, 2002 5:22 PM
Subject: what's the meaning of this log?
> 12:34:36: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from
> 210.226.96.37
>
>
>
>
>
> _________________________________________________________________
> SkA*;z5DEsSQ=xPP=;Aw#,GkJ9SC MSN Messenger: http://messenger.msn.com/lccn/
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:53 GMT-3