[c-nsp] Attempted to connect to RSHELL x.x.x.x

lee.e.rian at census.gov lee.e.rian at census.gov
Mon May 2 02:02:43 EDT 2005


If it's *lots* of RCMD-4-RSHPORTATTEMPT lines being logged and console
logging is enabled that might be the problem.  Try

conf t
no logging console
end

and see if that helps.  Even better would be blocking all that stuff coming
from the Internet.,  Something along the lines of

access-list 101 deny tcp any host <routerAddr 1> eq 514
access-list 101 deny tcp any host <routerAddr 2> eq 514
       ...
access-list 101 deny tcp any host <routerAddr N> eq 514
access-list 101 permit ip any any

interface serial<whatever>
 access-list 101 in
end


And after you get this issue resolved you might want to think about exactly
what you want to allow in from the Internet to your router.  For Internet
routers I like the attitude of 'this is what's  allowed to the router,
everything else gets blocked'.

HTH
Lee


"Hitesh Vinzoda" <hiteshvinzoda at hotmail.com> wrote on 05/02/2005 01:21:12
AM:

> hello every one
>
> our organization is having a 2501 router having real IP's on Serial
> interface connected to the ISP. Today as when i logged in to the router
and
> when i checked the logs by issueing the command "sh log" i found the
below
> mentioned log lines...
>
> RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL x.x.x.x
>
> RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL x.x.x.x
>
> i think there is some intrusion goin on in my network from outside and
after
> that i checked for the configuration of the router tht whether neone has
> tempered it or not. and i found nothin suspicious. but right now my when
i
> telnet to the router its so slow. tht i even cant issue the commands thru

> VTY. and thts a pain. can anyone of u suggest for this situation, i want
to
> get my router as it was earlier. and want the VTY line as fast as they
used
> to be. suggestions are invited
>
> Thanks in Advance
>
> Hitesh Vinzoda
>
> _________________________________________________________________
> 4000 new jobs everyday to choose from.
> http://www.naukri.com/tieups/tieups.php?othersrcp=736 Post your CV on
> naukri.com
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list