[c-nsp] open ports on a Cisco device & IOS hardening
Cis Ckp
cisckp8 at yahoo.com.sg
Sat Apr 16 11:46:33 EDT 2005
Hi,
Someone from the security group would do an "open port" scan
monthly for the networks & servers. For the Sun servers, we
would usually do "netstat -n" to see the "open ports" & then
edit the inetd.conf to close up unnecessary ports.
Is there something similar for Cisco devices/routers, say,
tweak existing ACLs or create new ACLs so that the unnecessary
ports are not opened? Besides ACLs, is there anything more I
could do? If anyone can point to a URL that explains these,
I'd appreciate it.
Is the command to see what the open ports are for a Cisco
device as follows:
Router#sh tcp brief
TCB       Local Address      Foreign Address      (state)
637202B8  10.0.0.19.12298    172.16.112.29.49     ESTAB
6371C978  10.0.0.19.12238    172.16.112.29.49     ESTAB
636CB228  10.0.0.19.12081    172.16.112.29.49     CLOSEWAIT
Regards
Goh
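
Added example, not part of the original post: a small Python parser for the `sh tcp brief` table quoted above that separates listening ports from sessions in other states, which is the distinction an open-port review depends on. The function names, the trailing LISTEN row and its `*.23  *.*` layout are assumptions made for illustration.

```python
import re
from collections import namedtuple

Endpoint = namedtuple(
    "Endpoint", "tcb local_addr local_port foreign_addr foreign_port state")

# The first three data rows are the output quoted in the post. The LISTEN
# row is constructed for illustration; its "*.23  *.*" layout is an assumption.
SAMPLE = """\
Router#sh tcp brief
TCB       Local Address      Foreign Address      (state)
637202B8  10.0.0.19.12298    172.16.112.29.49     ESTAB
6371C978  10.0.0.19.12238    172.16.112.29.49     ESTAB
636CB228  10.0.0.19.12081    172.16.112.29.49     CLOSEWAIT
63BE5D60  *.23               *.*                  LISTEN
"""

# A data row starts with an 8-hex-digit TCB, then local, foreign, state.
ROW = re.compile(r"^([0-9A-Fa-f]{8})\s+(\S+)\s+(\S+)\s+(\S+)$")

def split_endpoint(text):
    """Split 'addr.port' on the LAST dot, since the address contains dots."""
    addr, _, port = text.rpartition(".")
    return addr, (int(port) if port.isdigit() else None)

def parse_tcp_brief(output):
    """Return one Endpoint per data row; prompt and header lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        tcb, local, foreign, state = m.groups()
        rows.append(Endpoint(tcb, *split_endpoint(local),
                             *split_endpoint(foreign), state))
    return rows

def summarize(rows):
    """Listening local ports, plus session states grouped by remote endpoint."""
    listeners = sorted({r.local_port for r in rows if r.state == "LISTEN"})
    sessions = {}
    for r in rows:
        if r.state != "LISTEN":
            key = (r.foreign_addr, r.foreign_port)
            sessions.setdefault(key, []).append(r.state)
    return listeners, sessions

if __name__ == "__main__":
    print(summarize(parse_tcp_brief(SAMPLE)))
```
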