Anyone out there ever witness an attack were you received several RSHPORT attempts (5 per second) on a cisco router from different spoofed source addresses. It was capable of taking out BGP and OSPF sessions on the router.
It was probably a large packet flood to random destination ports. Some of
them happened to hit rshell. What really took out your routing procs was
likely a huge packet flood, but due to volume you may not have been able to
access normal interface counters (i.e. MRTG doesn't get any SNMP packets
back when OSPF goes bye-bye).
Mike