Symptoms:
Some Cisco routers (1900/2900 series) answer TCP connection attempts (replying with SYN-ACKs to SYN requests) on TCP ports 2002, 4002, 6002 and 9002. Some other routers answer on TCP port 23 (Telnet).
I used http://ping.eu/port-chk/ to test those ports; ports 2002, 4002, 6002 and 9002 are open on my CISCO1921 router:
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:22 *:0 SSH-Server LISTEN
tcp *:23 *:0 Telnet LISTEN
tcp *:6002 88.198.46.51:58719 TCP Protocols ESTABLIS
udp *:123 *:0 NTP LISTEN
udp *:4500 *:0 ISAKMP LISTEN
udp *:161 *:0 IP SNMP LISTEN
udp *:162 *:0 IP SNMP LISTEN
udp *:1975 *:0 IPC LISTEN
udp *:57430 *:0 IP SNMP LISTEN
udp *:500 *:0 ISAKMP LISTEN
Solutions:
1. The solution for ports 2002, 4002, 6002 and 9002 is the same as in the post listed under Reference below: disable inbound transport on async line 2.
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line 2
Router(config-line)#transport input none
Router(config-line)#end
Router#
2. Solution for port 23:
R#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R(config)#class-map type port-filter match-any TCP23
R(config-cmap)#match port tcp 23
R(config-cmap)#exit
R(config)#policy-map type port-filter FILTERTCP23
R(config-pmap)#class TCP23
R(config-pmap-c)#drop
R(config-pmap-c)#log
R(config-pmap-c)#exit
R(config-pmap)#exit
R(config)#control-plane host
R(config-cp-host)#service-policy type port-filter input FILTERTCP23
Once the policy is applied, each dropped Telnet attempt is logged, for example:
*Aug 15 16:31:30: %CP-6-TCP: DROP TCP/UDP Portfilter 88.198.46.51(57596) -> 61.16.203.24(23)
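To check a router for the listeners described in the symptom section and confirm that both fixes took effect, the `show control-plane host open-ports` output can be parsed and the Telnet and reverse-telnet ports flagged. The script below is an added example, not code from this post or from Cisco; the two sample outputs are constructed, modelled on the listing above, and use an RFC 5737 documentation address in place of a real peer.

```python
"""Audit 'show control-plane host open-ports' output for the listeners this post
describes: Telnet (tcp/23) and reverse-telnet on async line 2 (tcp/2002, 4002,
6002, 9002).  Added example; the sample outputs are constructed, modelled on the
page's listing, and use RFC 5737 documentation addresses."""
import re
from dataclasses import dataclass

REVERSE_TELNET_PORTS = {2002, 4002, 6002, 9002}  # async line 2 on 1900/2900
TELNET_PORT = 23

# Constructed "before hardening" sample (same shape as the page's output).
BEFORE = """\
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:22 *:0 SSH-Server LISTEN
tcp *:23 *:0 Telnet LISTEN
tcp *:6002 192.0.2.10:58719 TCP Protocols ESTABLIS
udp *:123 *:0 NTP LISTEN
udp *:161 *:0 IP SNMP LISTEN
"""

# Constructed "after hardening" sample: line 2 has 'transport input none'
# and the port-filter policy drops tcp/23, so only SSH and UDP services remain.
AFTER = """\
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:22 *:0 SSH-Server LISTEN
udp *:123 *:0 NTP LISTEN
udp *:161 *:0 IP SNMP LISTEN
"""


@dataclass
class OpenPort:
    proto: str
    port: int
    foreign: str
    service: str
    state: str


# One row: proto, '*:port', foreign 'addr:port', service name (may contain
# spaces), state ('LISTEN' or the truncated 'ESTABLIS' seen in the page output).
ROW_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\*:(?P<port>\d+)\s+(?P<foreign>\S+)\s+"
    r"(?P<service>.+?)\s+(?P<state>LISTEN|ESTABLIS\w*)$"
)


def parse_open_ports(text: str) -> list[OpenPort]:
    """Return the table rows; banner and header lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(OpenPort(m["proto"], int(m["port"]), m["foreign"],
                                 m["service"].strip(), m["state"]))
    return rows


def find_exposures(rows: list[OpenPort]) -> list[dict]:
    """Flag the TCP listeners the two fixes in the post are meant to close,
    recording whether a foreign peer already holds a session on them."""
    findings = []
    for r in rows:
        if r.proto != "tcp":
            continue
        if r.port == TELNET_PORT:
            fix = "control-plane host port-filter policy dropping tcp/23"
        elif r.port in REVERSE_TELNET_PORTS:
            fix = "line 2 -> transport input none"
        else:
            continue
        findings.append({
            "port": r.port,
            "service": r.service,
            "state": r.state,
            "peer": None if r.foreign == "*:0" else r.foreign,
            "fix": fix,
        })
    return sorted(findings, key=lambda f: f["port"])


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(f"== {label} hardening ==")
        findings = find_exposures(parse_open_ports(sample))
        if not findings:
            print("no Telnet or reverse-telnet listeners")
        for f in findings:
            peer = f" (session from {f['peer']})" if f["peer"] else ""
            print(f"tcp/{f['port']} {f['service']} {f['state']}{peer}: {f['fix']}")
```

Run it with the real output pasted into `BEFORE` (or read from a file); an entry in state `ESTABLIS` with a non-`*:0` foreign address means someone already has a session on that port, which is worth looking into before the line is closed.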
Reference:
1. PacketU's Post
2. itcertnotes' Post