[c-nsp] Port 1720 & 1863

abs abhishake00 at yahoo.com
Tue Dec 22 18:42:50 EST 2009


The ACL is being applied to my WAN interface (hand-off from ISP).
I've applied it using ip access-group <name> in

I am performing the scan from an off-site location on the external IP address (WAN interface).  The scan was done on TCP.  Let me know if you need additional info.

cheers,
abs

--- On Tue, 12/22/09, Steve Bertrand <steve at ibctech.ca> wrote:

From: Steve Bertrand <steve at ibctech.ca>
Subject: Re: [c-nsp] Port 1720 & 1863
To: "abs" <abhishake00 at yahoo.com>
Cc: cisco-nsp at puck.nether.net
Date: Tuesday, December 22, 2009, 6:34 PM

abs wrote:

> ip access-list extended WANInBoundACL
>  permit udp any range bootps bootpc any range bootps bootpc
>  permit tcp any any established
>  permit udp any eq domain any
>  permit tcp any any eq 22
>  deny   ip any any log
> 
> When I run a port scan I see port 1720 as well as port 1863 open.  Port 1863 tends to open and close at random (don't understand why).  I realize that I may need to add an explicit entry in the ACLs for port 1720 as the service runs by default given the version of IOS that I am running.
> 
> What I am failing to understand is why the above 2 ports are open even though I have a deny all statement at the end of the ACL.  Am I misunderstanding something?  Would someone be able to point me in the right direction?  Thank you in advance.

What interface do you have this ACL applied on, and how is it applied?

Further, where are you scanning from (connected to which interface), and
which address are you scanning? i.e. are you scanning the IP address of
the interface itself, or an address behind the interface the ACL is
applied against?

Is your scan UDP or TCP?

Steve
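
As an added illustration (not code from this thread or from Cisco), the Python below parses the ACL abs posted and evaluates constructed probes against it using IOS first-match semantics, treating the "established" keyword as matching only TCP segments with the ACK or RST bit set. It assumes the port-name mapping shown (bootps 67, bootpc 68, domain 53) and only handles "any" source/destination addresses, which is all this ACL uses.

```python
# Added example (not from the thread): parse the quoted WANInBoundACL and
# evaluate constructed TCP/UDP probes against it with IOS first-match
# semantics; 'established' matches only segments carrying ACK or RST.
PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53}  # assumed mapping

ACL_TEXT = """
permit udp any range bootps bootpc any range bootps bootpc
permit tcp any any established
permit udp any eq domain any
permit tcp any any eq 22
deny   ip any any log
"""

def _port(tok):
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]

def _endpoint(toks):
    """Consume 'any' plus optional 'eq X' / 'range A B'; return (lo, hi) or None."""
    assert toks.pop(0) == "any"  # only 'any' endpoints occur in this ACL
    if toks and toks[0] == "eq":
        toks.pop(0); p = _port(toks.pop(0)); return (p, p)
    if toks and toks[0] == "range":
        toks.pop(0); return (_port(toks.pop(0)), _port(toks.pop(0)))
    return None

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        toks = line.split()
        action, proto, rest = toks[0], toks[1], toks[2:]
        src, dst = _endpoint(rest), _endpoint(rest)
        rules.append((action, proto, src, dst, "established" in rest))
    return rules

def _in_range(rng, port):
    return rng is None or rng[0] <= port <= rng[1]

def evaluate(rules, proto, sport, dport, flags=()):
    """Return (action, 1-based rule number) of the first match; implicit deny otherwise."""
    for n, (action, p, src, dst, est) in enumerate(rules, 1):
        if p != "ip" and p != proto:
            continue
        if not (_in_range(src, sport) and _in_range(dst, dport)):
            continue
        if est and not ({"ACK", "RST"} & set(flags)):
            continue
        return action, n
    return "deny", None  # every IOS ACL ends with an implicit deny
```

Calling evaluate(parse_acl(ACL_TEXT), "tcp", 40000, 1720, ("SYN",)) returns ("deny", 5): a fresh SYN to 1720 or 1863 falls through to the final deny, so an "open" result from the scan has to be explained by where the ACL is applied and what address is being scanned, which is what the questions above are getting at.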
