Moreover, and keeping with the operational charter of the newsgroup, I would not recommend that folks enable r* commands on their cisco routers.
I have been thinking about this; and, I can't figure out why. If you can in the cisco specifically tell it which machines to listen to for rsh connections, and specifically tell it not to allow any enable commands, how can it be bad?
Well, if its possible to r* into a router, its possible to take advantage of a mistake by an administrator (forgetting to disable a service or temporarily enabling it and forgetting to AGAIN disable it) and get into the router. I think the primary reason for disabling r* commands is not so much because of inherrint problems but more to close potential holes and prevent accidents. ---------------------------------------------------------------------- Wayne Bouchard GlobalCenter web@primenet.com Primenet Network Operations Internet Solutions for (602) 416-6422 800-373-2499 x6422 Growing Businesses FAX: (602) 416-9422 http://www.primenet.com http://www.globalcenter.net ----------------------------------------------------------------------