Nipper and Cisco configuration results

Joe jbfixurpc at
Thu Apr 2 19:18:43 CDT 2009

What IOS version are you using? I don't see that behavior (rlogin/rsh) by
default, but I'm a few revisions behind on the latest. @ 12.2

I do see from the router:
RCMD-4-RSHPORTATTEMPT Attempted to connect to RSHELL from
from nmaps, but there's no response to the SYN packet of the attempting IP. I
think this has been the case since w-a-y earlier versions of IOS for logging
levels, but not sure at which level.

Looks to only be logging an attempt, no session is made, sort of like a
just letting you know there was an attempt. The router gets the request but
it falls on deaf ears, no one home. Unless perhaps there's some other sort of
flag/bit that can be presented to open that connection (extremely doubtful)
I don't believe there's any way to

Perhaps turning down your logging will prevent your testing program from
reporting a false positive?
I'd snoop/sniff the traffic and see if your router is SYN/ACK-ing the
request of rlogin/rsh to be sure.

<sarcasm>And make sure they're not too close to one another, in case they're
using internal wireless units as a means to complete the connection, those
Cisco guys you know..</sarcasm>

Joe Blanchard

> -----Original Message-----
> From: Subba Rao [mailto:castellan2004-nsm at] 
> Sent: Thursday, April 02, 2009 6:33 PM
> To: nanog at
> Subject: Nipper and Cisco configuration results
> I am using Nipper for verifying my Cisco configuration.  
> Nipper is finding the "rlogin" service that is not in the 
> configuration.  I have searched the access lists and do not 
> see it anywhere.  The explanation by Nipper about this 
> finding, "....Telnet protocol implemented by this 
> service...." is confusing.  Here is the Nipper's output:
> ______________________________
> Rlogin Service Settings
> The Rlogin service enables remote administrative access to a 
> CLI on Cisco Router Devices.  The Telnet protocol implemented 
> by th service is simple and provides no encryption of the 
> network communications between client and the server.  This 
> section details the Rlogin settings.
> Description                Setting
> Rlogin Service            Enabled
> Service TCP Port        513
> ______________________________
> I have checked a few other routers where SSH was not enabled 
> with the same results.
> Can someone explain why Nipper is saying "Rlogin is enabled" 
> when I do not see it in the configuration file?  Is there 
> something else that I need to be looking at?
> Thank you in advance for any help.
> Subba Rao
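
The check suggested in the reply above (does the router answer a connection request on the rlogin port at all?) can be run without a sniffer by classifying the outcome of a single TCP connect. This is an added example, not part of the original thread; the function name `probe` and the result labels are hypothetical, and the port number is the one from the quoted Nipper output.

```python
import errno
import socket
import sys

RLOGIN_PORT = 513  # "Service TCP Port" from the quoted Nipper output


def probe(host, port=RLOGIN_PORT, timeout=3.0):
    """Attempt one TCP connect and classify how the device answered.

    "open"        - handshake completed (the device SYN/ACKed): something listens
    "closed"      - connection refused (RST): device answered, nothing listens
    "no-response" - nothing came back before the timeout (SYN silently dropped)
    "unreachable" - the network reported the host or net as unreachable
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "no-response"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def listener_confirmed(result):
    """Only a completed handshake shows a service is actually accepting sessions."""
    return result == "open"


if __name__ == "__main__":
    # Usage: python probe.py <address of a router you administer>
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <router-address>")
    outcome = probe(sys.argv[1])
    print(f"tcp/{RLOGIN_PORT}: {outcome} (listener confirmed: {listener_confirmed(outcome)})")
```

A "no-response" result matches what the reply describes: the attempt is logged on the router, but no SYN/ACK comes back and no session is made.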
