Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Cisco 'rsh' attacks?

  • From: Louis Destree
  • Date: Sun Apr 12 10:22:58 1998

Greetings,

Over the past few days, my Cisco logs have shown several attemps of folks
trying to rsh into my core routers.

These attempts seem to happen within a very brief period of time, and so
far there have been less than 8 attempts per 'attack' as if run by some
sort of script.  Below is the output from the latest attempt.  You can see
there were 4 attempts in 2 seconds.  I'm a pretty fast typist, but I don't
think I could pull that off by hand. 

Is this the 'next thing' we get to scramble about?  Anyone else having
these?  Are there any Cisco router related security holes relating to rsh
that these folks are trying to abuse?

Thanks,
Louis
-- 
Louis A. Destree
Senior Network Engineer
FlashNet Communications
destree@flash.net


Apr 11 20:13:49 wormhole.flash.net 2279: %RCMD-4-RSHPORTATTEMPT: Attempted
to connect to RSHELL from 204.167.245.140
Apr 11 20:13:49 wormhole.flash.net 2280: %RCMD-4-RSHPORTATTEMPT: Attempted
to connect to RSHELL from 204.167.245.140
Apr 11 20:13:50 wormhole.flash.net 2281: %RCMD-4-RSHPORTATTEMPT: Attempted
to connect to RSHELL from 204.167.245.140
Apr 11 20:13:50 wormhole.flash.net 2282: %RCMD-4-RSHPORTATTEMPT: Attempted
to connect to RSHELL from 204.167.245.140





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.