Hey Guys, I hope someone can help.
I have been using RouterOS for some years now, but only recently has this started popping up on my routers that have vulnerability scans running on them.
I use OpenVPN for many of my clients to access their networks. However, I am now getting errors on vulnerability scans stating that the rsh service is detected over TCP port 1194, which it states is high severity. Here is the exact message:
The rsh service is running. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the rsh client and the rsh server. This includes logins and passwords. You should disable this service and use ssh instead.
Other low severity errors related are:
Unix R-Services (e.g., rlogin, rsh, etc.) are accessible on this host. These services allow for the remote execution of commands on a system. This generally reflects a lack of adequate firewall rules or other network-level access control which violates requirement 1 of the PCI DSS.
One or more remote access services were detected on the remote host. As defined by the PCI ASV Program Guide: "remote access software includes, but is not limited to: VPN (IPSec, PPTP, SSL), pcAnywhere, VNC, Microsoft Terminal Server, remote web-based administration, ssh, Telnet."
I have firewall rules dropping all input other than established/related and approved IP addresses, and I only have Winbox and SSH enabled under /ip services (firewall rules limit these to only my public IPs).
I cannot find any correlation to RSH and OVPN, nor between RouterOS and RSH. Any ideas are greatly appreciated.