[c-nsp] Port 1720 & 1863

abs abhishake00 at yahoo.com
Tue Dec 22 19:02:53 EST 2009


I tried what you mentioned; that did not seem to close the port. I also tried the following in the config, but that didn't seem to work either:

voice service voip
shutdown

Any other thoughts?

--- On Tue, 12/22/09, Jared Mauch <jared at puck.nether.net> wrote:

From: Jared Mauch <jared at puck.nether.net>
Subject: Re: [c-nsp] Port 1720 & 1863
To: "Steve Bertrand" <steve at ibctech.ca>
Cc: "abs" <abhishake00 at yahoo.com>, cisco-nsp at puck.nether.net
Date: Tuesday, December 22, 2009, 6:38 PM

You can close H.323 (1720) with a config like:

!
voice service voip 
 h323
  call service stop
!

- Jared

On Dec 22, 2009, at 6:34 PM, Steve Bertrand wrote:

> abs wrote:
> 
>> ip access-list extended WANInBoundACL
>> permit udp any range bootps bootpc any range bootps bootpc
>> permit tcp any any established
>> permit udp any eq domain any
>> permit tcp any any eq 22
>> deny   ip any any log
>> 
>> When I run a port scan I see port 1720 as well as port 1863 open.  Port 1863 tends to open and close at random (don't understand why).  I realize that I may need to add an explicit entry in the ACLs for port 1720 as the service runs by default given the version of IOS that I am running.
>> 
>> What I am failing to understand is why the above 2 ports are open even though I have a deny all statement at the end of the ACL.  Am I misunderstanding something?  Would someone be able to point me in the right direction?  Thank you in advance.
> 
> What interface do you have this ACL applied on, and how is it applied?
> 
> Further, where are you scanning from (connected to which interface), and
> which address are you scanning? i.e. are you scanning the IP address of
> the interface itself, or an address behind the interface the ACL is
> applied against?
> 
> Is your scan UDP or TCP?
> 
> Steve
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
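
Added example (not part of the original messages): a small first-match evaluator for the WANInBoundACL entries quoted above, showing that a TCP SYN to 1720 or 1863 falls through to the final `deny ip any any log` entry whenever the ACL actually sees the packet, so where and how the ACL is applied decides what a scan reports. The sample packets are constructed, and the model covers only the match criteria this ACL uses (protocol, port ranges, `established`).

```python
# Added example: first-match evaluation of the WANInBoundACL quoted in the thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    sport: int
    dport: int
    flags: frozenset = frozenset()   # TCP flags that are set, e.g. {"SYN"}

# One tuple per ACL line, in order:
# (action, protocol, source-port range, destination-port range, established)
# None means "any port"; bootps/bootpc/domain are ports 67/68/53.
ACL = [
    ("permit", "udp", (67, 68), (67, 68), False),
    ("permit", "tcp", None, None, True),
    ("permit", "udp", (53, 53), None, False),
    ("permit", "tcp", None, (22, 22), False),
    ("deny", "ip", None, None, False),
]

def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def evaluate(pkt):
    """Return (action, 1-based ACL line) for the first entry that matches pkt."""
    for n, (action, proto, srng, drng, established) in enumerate(ACL, 1):
        if proto not in ("ip", pkt.proto):
            continue
        if not (in_range(pkt.sport, srng) and in_range(pkt.dport, drng)):
            continue
        # "established" matches only TCP segments with ACK or RST set.
        if established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return action, n
    return "deny", 0  # implicit deny if nothing matched

# Constructed sample packets arriving on the interface the ACL filters.
SAMPLES = {
    "SYN to 1720": Packet("tcp", 40000, 1720, frozenset({"SYN"})),
    "SYN to 1863": Packet("tcp", 40001, 1863, frozenset({"SYN"})),
    "SYN to 22": Packet("tcp", 40002, 22, frozenset({"SYN"})),
    "DNS reply": Packet("udp", 53, 33000),
    "TCP return traffic": Packet("tcp", 443, 51000, frozenset({"ACK"})),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} -> {evaluate(pkt)}")
```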




      

