[c-nsp] Port 1720 & 1863
abs
abhishake00 at yahoo.com
Wed Dec 23 13:17:04 EST 2009
that is what i was thinking as well so i removed that line but that caused all responses to internal traffic to be blocked. What do you exactly mean by specific? Wouldn't I have to put a rule for each type of traffic?
--- On Wed, 12/23/09, Adam Strawson <adam at thepub.cx> wrote:
From: Adam Strawson <adam at thepub.cx>
Subject: Re: [c-nsp] Port 1720 & 1863
To: "abs" <abhishake00 at yahoo.com>
Cc: cisco-nsp at puck.nether.net
Date: Wednesday, December 23, 2009, 5:41 AM
Do you really need "permit tcp any any established" or can you be more specific? I'd bet that is causing what you are seeing.
Adam.
----- Original Message ----- From: "abs" <abhishake00 at yahoo.com>
To: "Steve Bertrand" <steve at ibctech.ca>; "Jared Mauch" <jared at puck.nether.net>
Cc: <cisco-nsp at puck.nether.net>
Sent: Wednesday, December 23, 2009 12:02 AM
Subject: Re: [c-nsp] Port 1720 & 1863
i tried what you mentioned that did not seem to close the port. i also tried the following in the config but that didn't seem to work either:
voice service voip
shutdown
any other thoughts?
--- On Tue, 12/22/09, Jared Mauch <jared at puck.nether.net> wrote:
From: Jared Mauch <jared at puck.nether.net>
Subject: Re: [c-nsp] Port 1720 & 1863
To: "Steve Bertrand" <steve at ibctech.ca>
Cc: "abs" <abhishake00 at yahoo.com>, cisco-nsp at puck.nether.net
Date: Tuesday, December 22, 2009, 6:38 PM
You can close h.323 (1720) with a config like:
!
voice service voip
h323
call service stop
!
- Jared
On Dec 22, 2009, at 6:34 PM, Steve Bertrand wrote:
> abs wrote:
>
>> ip access-list extended WANInBoundACL
>> permit udp any range bootps bootpc any range bootps bootpc
>> permit tcp any any established
>> permit udp any eq domain any
>> permit tcp any any eq 22
>> deny ip any any log
>>
>> When I run a port scan I see port 1720 as well as port 1863 open. Port 1863 tends to open and close at random (don't understand why). I realize that I may need to add an explicit entry in the ACL's for port 1720 as the service runs by default given the version of IOS that I am running.
>>
>> What I am failing to understand is why the above 2 ports are open even though I have a deny all statement at the end of the ACL. Am I misunderstanding something? Would someone be able to point me in the right direction? Thank you in advance.
>
> What interface do you have this ACL applied on, and how is it applied?
>
> Further, where are you scanning from (connected to which interface), and
> which address are you scanning? ie. are you scanning the IP address of
> the interface itself, or an address behind the interface the ACL is
> applied against?
>
> Is your scan UDP or TCP?
>
> Steve
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list