From: Thomwin Chen (thomwin_chen@yahoo.com)
Date: Mon Aug 22 2005 - 10:57:47 GMT-3
Gladston,
R1-3725(config)#access-list 100 permit tcp any any eq syslog
R1-3725(config)#do show access-list 100
Extended IP access list 100
10 permit tcp any any eq cmd
It will be converted automatically back to rcmd (tcp 514).
Rgds,
Thomwin
gladston@br.ibm.com wrote:
Hi,
Port 514 TCP is RSH.
Port 514 UDP is Syslog.
IOS shows Syslog as an option for tcp port 514:
Rack2R5(config)#access-list 108 permit tcp a a eq ?
syslog Syslog (514)
Is there any change I am not aware of?
====================
quoted
In the past, the custom was to allocate each type of port independently, so port 514/tcp belongs to the remote shell (rsh) and 514/udp is used by the system logger (syslogd).
=====================
====================
quoted
Port 514 syslog, rsh
(UDP) Receives incoming 'syslog' messages and logs them to a database. The 'syslogd' is one of the more important daemons running on a UNIX host. A common hacker technique is to flood messages at the syslog daemon in hopes to fill up its queue. Client ports are both above and below port 1023.
(TCP) rsh (remote shell) sends a command to a shell on the remote machine and receives the stderr and stdout from it.
http://www.iss.net/security_center/advice/Exploits/Ports/514/default.htm
======================
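
Added example, not part of the original thread or of Cisco's tooling: a small audit that reads access-list entries and reports which ones actually permit rsh on tcp/514, whether the entry was typed with the syslog keyword, shown as cmd, or given as the number. The sample ACL text and the function names are constructed for illustration; the keyword set is limited to what the thread shows.

```python
import re

# Service behind port 514 per transport, as stated in the thread.
SERVICE_514 = {"tcp": "rsh (remote shell)", "udp": "syslog"}
# Port 514 as it appears in the thread: typed keyword, displayed keyword, number.
KEYWORDS_514 = {"syslog", "cmd", "514"}

# Matches both config lines ("access-list 100 permit tcp ...") and
# "show access-list" lines ("10 permit tcp ...").
ACE_RE = re.compile(
    r"^\s*(?:access-list\s+\S+\s+)?(?:\d+\s+)?"
    r"(?P<action>permit|deny)\s+(?P<proto>tcp|udp)\b",
    re.IGNORECASE,
)
EQ_RE = re.compile(r"\beq\s+(\S+)", re.IGNORECASE)


def classify(line):
    """Return (action, proto, service) if the entry matches port 514, else None."""
    m = ACE_RE.match(line)
    if not m:
        return None
    # Check every "eq" operand, so source-port matches are covered too.
    ports = {p.lower() for p in EQ_RE.findall(line)}
    if not ports & KEYWORDS_514:
        return None
    proto = m.group("proto").lower()
    return m.group("action").lower(), proto, SERVICE_514[proto]


def audit(acl_text):
    """Return the permit entries that open tcp/514, i.e. rsh rather than syslog."""
    findings = []
    for line in acl_text.splitlines():
        hit = classify(line)
        if hit and hit[0] == "permit" and hit[1] == "tcp":
            findings.append(line.strip())
    return findings


# Constructed sample in the style of "show access-list" output.
SAMPLE = """Extended IP access list 100
    10 permit tcp any any eq cmd
    20 permit udp any any eq syslog
    30 permit tcp any any eq www
    40 deny tcp any any eq 514
"""

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print("permits rsh (tcp/514):", entry)
```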