> Moreover, and keeping with the operational charter of the newsgroup, I
> would not recommend that folks enable r* commands on their cisco
> routers.I have been thinking about this; and, I can't figure out why. If you can
in the cisco specifically tell it which machines to listen to for rsh
connections, and specifically tell it not to allow any enable commands,
how can it be bad?
Well, if its possible to r* into a router, its possible to take
advantage of a mistake by an administrator (forgetting to disable a
service or temporarily enabling it and forgetting to AGAIN disable it)
and get into the router.
I think the primary reason for disabling r* commands is not so much
because of inherrint problems but more to close potential holes and
prevent accidents.