[c-nsp] Port 1720 & 1863

Steve Bertrand steve at ibctech.ca
Tue Dec 22 18:34:54 EST 2009


abs wrote:

> ip access-list extended WANInBoundACL
>  permit udp any range bootps bootpc any range bootps bootpc
>  permit tcp any any established
>  permit udp any eq domain any
>  permit tcp any any eq 22
>  deny   ip any any log
> 
> When I run a port scan I see port 1720 as well as port 1863 open.  Port 1863 tends to open and close at random (don't understand why).  I realize that I may need to add an explicit entry in the ACLs for port 1720 as the service runs by default given the version of IOS that I am running.
> 
> What I am failing to understand is why the above 2 ports are open even though I have a deny all statement at the end of the ACL.  Am I misunderstanding something?  Would someone be able to point me in the right direction?  Thank you in advance.

What interface do you have this ACL applied on, and how is it applied?

Further, where are you scanning from (connected to which interface), and
which address are you scanning? i.e. are you scanning the IP address of
the interface itself, or an address behind the interface the ACL is
applied against?

Is your scan UDP or TCP?

Steve
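To make concrete what the quoted ACL actually lets through, here is an added example (not from the thread, and not Cisco code) that evaluates it in first-match order against constructed packets. It models the IOS semantics that matter here: named ports resolved to numbers, `any` as a wildcard, the implicit deny at the end, and `established` matching only TCP segments with the ACK or RST bit set, so a plain SYN to 1720 is denied while an ACK to 1720 is permitted.

```python
# Added example: minimal first-match evaluator for the quoted WANInBoundACL.
# Assumes IOS semantics: "established" matches TCP segments with ACK or RST set.
from dataclasses import dataclass

PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53}

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    ack: bool = False   # TCP ACK bit
    rst: bool = False   # TCP RST bit

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip", "tcp" or "udp"
    sports: tuple = (0, 65535)      # inclusive source-port range
    dports: tuple = (0, 65535)      # inclusive destination-port range
    established: bool = False

def port_range(lo, hi=None):
    """Resolve IOS port names; 'eq X' is the range (X, X)."""
    lo = PORT_NAMES.get(lo, lo)
    hi = PORT_NAMES.get(hi, hi) if hi is not None else lo
    return (lo, hi)

# The ACL quoted in the thread, in order; "permit udp any eq domain any"
# constrains the SOURCE port, since the port keyword follows the source address.
WAN_INBOUND_ACL = [
    Rule("permit", "udp", port_range("bootps", "bootpc"), port_range("bootps", "bootpc")),
    Rule("permit", "tcp", established=True),
    Rule("permit", "udp", port_range("domain")),
    Rule("permit", "tcp", dports=port_range(22)),
    Rule("deny", "ip"),                          # the explicit "deny ip any any log"
]

def matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not (rule.sports[0] <= pkt.sport <= rule.sports[1]):
        return False
    if not (rule.dports[0] <= pkt.dport <= rule.dports[1]):
        return False
    if rule.established and not (pkt.ack or pkt.rst):
        return False
    return True

def evaluate(acl, pkt):
    """Return (action, index) of the first matching rule, or the implicit deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", len(acl)
```

Running `evaluate(WAN_INBOUND_ACL, Packet("tcp", 40000, 1720))` yields the explicit deny, while the same packet with `ack=True` is permitted by the `established` line; so a SYN scan that crosses this ACL inbound should not report 1720 open, and seeing it open points at a scan that does not traverse this interface or a scan type whose probes carry ACK/RST.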
