Remote Shell

Previous page
Table of content
Next page

Remote Shell (RSH) was originally created for Unix systems as an easy-to-use remote console that doesn't need a login as its brother Telnet does. RSH is very insecure and should be replaced at all costs with more secure connections, such as SSH.

RSH is similar to standard mode in the FTP protocol. Two connections are required for complete communication ”one connection for commands and a second for standard error outputs. The client embeds the port number to which the server should send standard errors. The server then initiates the second connection that will not be in the connection table. If the fixup protocol rsh command is not enabled, the ASA rejects the server's request.

The fixup protocol rsh command inspects the RSH traffic for the embedded port requests needed on port 514. When a request for a port is sent, the ASA dynamically creates a connection slot to allow the server to send traffic back to the client. The following is the command syntax for RSH: 

 pixfirewall(config)# [no] fixup protocol rsh <port-[port]>

The following example enables RSH inspection on a range of additional ports: 

 pixfirewall(config)# fixup protocol rsh 2000-2003

Previous page
Table of content
Next page
CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218
Authors: Daniel P. Newman
BUY ON AMAZON
Snort Cookbook
Network Security Architectures
MySQL Clustering
Microsoft WSH and VBScript Programming for the Absolute Beginner
Extending and Embedding PHP
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy