[c-nsp] Port 1720 & 1863

Adam Strawson adam at thepub.cx
Wed Dec 23 05:41:37 EST 2009


Do you really need "permit tcp any any established" or can you be more 
specific?  I'd bet that is causing what you are seeing.

Adam.

----- Original Message ----- 
From: "abs" <abhishake00 at yahoo.com>
To: "Steve Bertrand" <steve at ibctech.ca>; "Jared Mauch" 
<jared at puck.nether.net>
Cc: <cisco-nsp at puck.nether.net>
Sent: Wednesday, December 23, 2009 12:02 AM
Subject: Re: [c-nsp] Port 1720 & 1863


I tried what you mentioned; that did not seem to close the port. I also tried 
the following in the config, but that didn't seem to work either:

voice service voip
 shutdown

Any other thoughts?

--- On Tue, 12/22/09, Jared Mauch <jared at puck.nether.net> wrote:

From: Jared Mauch <jared at puck.nether.net>
Subject: Re: [c-nsp] Port 1720 & 1863
To: "Steve Bertrand" <steve at ibctech.ca>
Cc: "abs" <abhishake00 at yahoo.com>, cisco-nsp at puck.nether.net
Date: Tuesday, December 22, 2009, 6:38 PM

You can close h.323 (1720) with a config like:

!
voice service voip
 h323
  call service stop
!

- Jared

On Dec 22, 2009, at 6:34 PM, Steve Bertrand wrote:

> abs wrote:
>
>> ip access-list extended WANInBoundACL
>> permit udp any range bootps bootpc any range bootps bootpc
>> permit tcp any any established
>> permit udp any eq domain any
>> permit tcp any any eq 22
>> deny ip any any log
>>
>> When I run a port scan I see port 1720 as well as port 1863 open. Port 
>> 1863 tends to open and close at random (don't understand why). I realize 
>> that I may need to add an explicit entry in the ACL's for port 1720 as 
>> the service runs by default given the version of IOS that I am running.
>>
>> What I am failing to understand is why the above 2 ports are open even 
>> though I have a deny all statement at the end of the ACL. Am I 
>> misunderstanding something? Would someone be able to point me in the 
>> right direction? Thank you in advance.
>
> What interface do you have this ACL applied on, and how is it applied?
>
> Further, where are you scanning from (connected to which interface), and
> which address are you scanning? ie. are you scanning the IP address of
> the interface itself, or an address behind the interface the ACL is
> applied against?
>
> Is your scan UDP or TCP?
>
> Steve
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/ 