[c-nsp] Security scanner showed plenty of open ports but "show ip socket" doesn't
Cis Ckp
cisckp8 at yahoo.com.sg
Tue Aug 23 07:14:39 EDT 2005
Hi,
Bear with me if I've got my basics wrong.
Our security guys have run a scan on one address, 10.196.8.4,
which is owned by the Layer 2 sc0 interface of our 6509
(see the scan results further below):
set interface sc0 2 10.196.8.4/255.255.255.128 10.196.8.127
How can I close those ports?
Does it make sense for me to log in to this 6509's MSFC & issue
"sh ip socket" to see the open ports? (Which gives:)

MSFC#sh ip socket
Proto  Remote          Port   Local          Port   In  Out  Stat  TTY  OutputIF
17     0.0.0.0         1985   10.196.22.1    1985   0   0    1     0
17     10.196.16.9     514    10.196.22.1    53808  0   0    10    0
17     10.196.16.11    514    10.196.22.1    55404  0   0    10    0
17     10.196.16.14    49     10.196.22.1    49     0   0    11    0
17     10.196.16.15    49     10.196.22.1    49     0   0    11    0
17     10.196.16.10    162    10.196.22.1    56167  0   0    0     0
17     10.196.16.8     162    10.196.22.1    57138  0   0    0     0
17     0.0.0.0         123    10.196.22.1    123    0   0    1     0
17     149.131.188.9   64827  10.196.75.5    161    0   0    1     0
17     0.0.0.0         0      10.196.22.1    162    0   0    9     0
17     0.0.0.0         0      10.196.22.1    52391  0   0    9     0
MSFC#sh tcp brief gives:

TCB       Local Address        Foreign Address       (state)
52B535E4  127.0.0.12.23        127.0.0.11.4191       ESTAB
41FC5998  10.196.75.33.179     10.196.75.34.11002    ESTAB
551A1BF4  61.8.233.118.11401   61.8.233.117.179      ESTAB
I believe that on the MSFC the lines "no tcp-small-servers" &
"no udp-small-servers" are already in place; these lines
won't show up in the configuration by default, being "no ..." statements.
Or should I tell the security guys that the scanner is faulty
& reporting false positives?
o 10.196.8.4: [attention] [7134/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [5553/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [2870/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [7684/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [7543/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [6066/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [1173/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [3238/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [4467/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [2357/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [9687/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [2461/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [9170/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [1269/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [8257/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [3815/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [2614/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [8359/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [4728/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [7853/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [9473/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [9472/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [4029/TCP] Unidentified port is active.
. . .
Thanks
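Editor's note and added example; none of this is part of the post above. The scanned address 10.196.8.4 belongs to sc0, the CatOS supervisor's management interface, while the "show ip socket" and "show tcp brief" output was taken on the MSFC, whose local addresses in that output are 10.196.22.1, 10.196.75.5, 10.196.75.33 and so on. On a hybrid 6500 the supervisor and the MSFC are separate IP stacks, so the MSFC's socket table can neither confirm nor refute what the scanner saw on sc0; the comparison has to be made against the system that actually owns the scanned address. The Python below, written for this page and not taken from the post or from Cisco, parses both IOS listings and the scanner lines into one structure and reports, per finding, whether a matching local socket exists and whether the scanned address appears in the table at all. The sample inputs are re-typed from the post, with two constructed findings against 10.196.22.1 and 10.196.75.33 added so that the matching path is exercised too.

```python
"""Reconcile a port scanner's findings with a Cisco IOS socket table.

Added example, not from the mailing-list post. The listings below are
re-typed from the post (trimmed); the last two scanner lines are
constructed so that a "matched" result is produced as well.
"""
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_ip local_port remote_ip remote_port")
Finding = namedtuple("Finding", "ip port proto")

# IP protocol numbers as printed in the Proto column of 'show ip socket'.
PROTO_NAMES = {6: "tcp", 17: "udp"}

SHOW_IP_SOCKET = """\
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 0.0.0.0 1985 10.196.22.1 1985 0 0 1 0
17 10.196.16.9 514 10.196.22.1 53808 0 0 10 0
17 10.196.16.14 49 10.196.22.1 49 0 0 11 0
17 0.0.0.0 123 10.196.22.1 123 0 0 1 0
17 149.131.188.9 64827 10.196.75.5 161 0 0 1 0
17 0.0.0.0 0 10.196.22.1 162 0 0 9 0
"""

SHOW_TCP_BRIEF = """\
TCB Local Address Foreign Address (state)
52B535E4 127.0.0.12.23 127.0.0.11.4191 ESTAB
41FC5998 10.196.75.33.179 10.196.75.34.11002 ESTAB
551A1BF4 61.8.233.118.11401 61.8.233.117.179 ESTAB
"""

# First three lines re-typed from the post; last two constructed for this example.
SCAN_REPORT = """\
o 10.196.8.4: [attention] [7134/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [5553/TCP] Unidentified port is active.
o 10.196.8.4: [attention] [2870/TCP] Unidentified port is active.
o 10.196.22.1: [attention] [123/UDP] Unidentified port is active.
o 10.196.75.33: [attention] [179/TCP] Unidentified port is active.
"""


def parse_ip_socket(text):
    """Parse 'show ip socket' rows (UDP/raw sockets on IOS) into Socket tuples."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].isdigit():
            continue  # header or blank line
        proto = PROTO_NAMES.get(int(fields[0]), fields[0])
        sockets.append(Socket(proto, fields[3], int(fields[4]), fields[1], int(fields[2])))
    return sockets


def _split_addr(token):
    """'10.196.75.33.179' -> ('10.196.75.33', 179): IOS appends the port with a dot."""
    ip, port = token.rsplit(".", 1)
    return ip, int(port)


def parse_tcp_brief(text):
    """Parse 'show tcp brief' rows (TCB, local, foreign, state) into Socket tuples."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] == "TCB":
            continue
        local_ip, local_port = _split_addr(fields[1])
        remote_ip, remote_port = _split_addr(fields[2])
        sockets.append(Socket("tcp", local_ip, local_port, remote_ip, remote_port))
    return sockets


SCAN_RE = re.compile(r"^o\s+(\S+):\s+\[\w+\]\s+\[(\d+)/(TCP|UDP)\]")


def parse_scan(text):
    """Pull (ip, port, proto) out of each scanner finding line."""
    findings = []
    for line in text.splitlines():
        m = SCAN_RE.match(line)
        if m:
            findings.append(Finding(m.group(1), int(m.group(2)), m.group(3).lower()))
    return findings


def reconcile(findings, sockets):
    """Classify each finding against the device's own socket table.

    'matched': the device has a socket of the same protocol bound to that
    port on the scanned address (or on 0.0.0.0, i.e. all addresses).
    'unmatched': no such socket. 'not_local': scanned addresses that never
    appear as a local address, meaning this table belongs to a different
    IP stack than the one that was scanned and proves nothing either way.
    """
    local_ips = {s.local_ip for s in sockets}
    bound = {(s.proto, s.local_ip, s.local_port) for s in sockets}
    result = {"matched": [], "unmatched": [], "not_local": set()}
    for f in findings:
        if f.ip not in local_ips:
            result["not_local"].add(f.ip)
        if (f.proto, f.ip, f.port) in bound or (f.proto, "0.0.0.0", f.port) in bound:
            result["matched"].append(f)
        else:
            result["unmatched"].append(f)
    return result


def run():
    sockets = parse_ip_socket(SHOW_IP_SOCKET) + parse_tcp_brief(SHOW_TCP_BRIEF)
    return reconcile(parse_scan(SCAN_REPORT), sockets)


if __name__ == "__main__":
    r = run()
    for f in r["matched"]:
        print(f"matched   {f.ip}:{f.port}/{f.proto}")
    for f in r["unmatched"]:
        print(f"unmatched {f.ip}:{f.port}/{f.proto}")
    for ip in sorted(r["not_local"]):
        print(f"{ip} is not a local address in this socket table")
```

Run against the post's data, every 10.196.8.4 finding comes out unmatched and 10.196.8.4 is flagged as not local, which is the actual answer to the question: the MSFC output was never going to explain ports seen on sc0. Note that plain "show tcp brief" lists only established sessions; to see TCP listeners on the MSFC you would use "show tcp brief all", and the same reconciliation then applies to its LISTEN rows.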