[c-nsp] Router TCP ports

Ryan O'Connell ryan at complicity.co.uk
Mon Aug 22 19:22:59 EDT 2005


On 22/08/2005 14:38, Cheung, Rick wrote:

| Hi, folks, I have a 2620 running 12.3.13 with the IPSec/FW/IDS
| feature set. Doing a port scan against the router, I notice in
| addition to 22, ports 2065, 4065, 6065, 9065 open as well.
|
| This is with "transport input ssh" configured on the VTYs. When I
| telnet to the router, it resets the connection, as expected. Oddly
| enough, telnetting to the router on 2065, 4065, and 6065 reveals
| the login banner, and the username prompt, but it does not allow
| any input, and it times out within five seconds. Telnetting to port
| 9065, the router completes the three way handshake, but immediately
| resets the connection; no login prompt.
|
| I'm just curious as to what those ports are. Anyone know?


As noted by another poster, these are reverse telnet ports for AUX.
The 2620 has "support" for up to 64 async lines - actually, you can
only put an NM-32A in one which is 32 lines but the way IOS works it
also reserves 32 ports for the first two WIC slots as if it's really
an NM slot rather than fixed config. (You can put async-capable cards
in the WIC slots which is why it needs to reserve some ports. This is
annoying because when using a 26xx as a console router, the ports
start numbering at 2032 rather than 2001.)

Con is always port 0 (2000/4000/6000) and aux is, confusingly, always
max_ports + 1, which is 65 in this case. 2000-range ports are "basic"
reverse telnet, 4xxx is stream mode, 6xxx is binary mode and 9xxx is
xremote - there are more, but they're disabled by default - see
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm for the
full list.

To disable these ports you should be able to do:
line aux 0
 no transport input telnet

Failing that, setting an outgoing access-class on the line that denies
all IPs should do the trick.

--
          Ryan O'Connell - CCIE #8174
<ryan at complicity.co.uk> - http://www.complicity.co.uk

I'm not losing my mind, no I'm not changing my lines,
I'm just learning new things with the passage of time
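Added example, not part of the original post: a small Python helper for a configuration audit that maps open TCP ports from a scan onto the reverse-telnet numbering described above, so each finding points at the line whose transport input needs changing. The function names, the "async line N" label and the max_ports default are assumptions made for this illustration.

```python
# Port ranges and modes as listed in the post (others exist but are
# disabled by default, so they are not modelled here).
MODES = {2000: "basic reverse telnet", 4000: "stream mode",
         6000: "binary mode", 9000: "xremote"}


def classify_port(port, max_ports=64):
    """Return (mode, line) for a reverse-telnet port, or None if it is not one.

    max_ports is the number of async lines the platform reserves (64 on the
    2620 per the post). Con is offset 0 and aux is offset max_ports + 1.
    Assumption: the post names con only for 2000/4000/6000; the 9000 range
    is treated the same way here.
    """
    for base, mode in MODES.items():
        offset = port - base
        if 0 <= offset <= max_ports + 1:
            if offset == 0:
                line = "con 0"
            elif offset == max_ports + 1:
                line = "aux 0"
            else:
                line = f"async line {offset}"  # label is hypothetical
            return mode, line
    return None


def audit(open_ports, max_ports=64):
    """Group open ports by line so each line to fix is reported once."""
    findings = {}
    for port in sorted(open_ports):
        hit = classify_port(port, max_ports)
        if hit:
            mode, line = hit
            findings.setdefault(line, []).append((port, mode))
    return findings


if __name__ == "__main__":
    # Constructed input: the ports reported open in the original question.
    scan = [22, 2065, 4065, 6065, 9065]
    for line, hits in audit(scan).items():
        ports = ", ".join(f"{p} ({m})" for p, m in hits)
        print(f"line {line}: {ports}")
```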


