|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Cisco 'rsh' attacks?
Greetings, Over the past few days, my Cisco logs have shown several attemps of folks trying to rsh into my core routers. These attempts seem to happen within a very brief period of time, and so far there have been less than 8 attempts per 'attack' as if run by some sort of script. Below is the output from the latest attempt. You can see there were 4 attempts in 2 seconds. I'm a pretty fast typist, but I don't think I could pull that off by hand. Is this the 'next thing' we get to scramble about? Anyone else having these? Are there any Cisco router related security holes relating to rsh that these folks are trying to abuse? Thanks, Louis -- Louis A. Destree Senior Network Engineer FlashNet Communications [email protected] Apr 11 20:13:49 wormhole.flash.net 2279: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 204.167.245.140 Apr 11 20:13:49 wormhole.flash.net 2280: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 204.167.245.140 Apr 11 20:13:50 wormhole.flash.net 2281: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 204.167.245.140 Apr 11 20:13:50 wormhole.flash.net 2282: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 204.167.245.140
|