[c-nsp] Port 1720 & 1863

Steve Bertrand steve at ibctech.ca
Wed Dec 23 14:20:54 EST 2009


abs wrote:
> That is what I was thinking as well, so I removed that line, but that caused all responses to internal traffic to be blocked. What do you exactly mean by specific? Wouldn't I have to put a rule for each type of traffic?

On an inbound ACL, allowing established TCP sessions means that a TCP
connection must be made from the 'internal' side of the interface, and
only inbound TCP traffic that is associated with that session can
ingress the interface.

Your 'deny ip any any' at the end would block ALL inbound TCP, other
than SSH and pre-established (by an internal device) sessions.

Reviewing your other email (that hasn't hit the list yet), do you happen
to have an H.323 session established to your nmap box when you see the
port as open?

What do you see when you (while on your nmap box):

% telnet <ip addr> 1720
% netstat -na | grep 1720
% netstat -na | grep <ip of remote>

If you want, provide me with the IP of the box off-list, and I'll scan
it from one of my hosts.

Steve
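The evaluation logic Steve describes, worked through as a small simulation (an added illustration, not code from the thread or from Cisco IOS): an inbound extended ACL that permits SSH, permits `established`, and ends with `deny ip any any`, compared with the same ACL after the `established` line is removed. The packet objects, port numbers and rule lambdas are constructed for the example; the `established` keyword in IOS matches on the ACK or RST bit only and keeps no session table, which the last case shows.

```python
from dataclasses import dataclass


@dataclass
class TcpPacket:
    """Minimal view of the TCP header fields an ACL entry can match on (constructed)."""
    dst_port: int
    syn: bool = False
    ack: bool = False
    rst: bool = False


def is_established(pkt: TcpPacket) -> bool:
    """IOS 'established' matches if the ACK or RST bit is set.
    It keeps no session table, so it cannot tell whether an inside host
    really started the flow; it only sees the flag bits."""
    return pkt.ack or pkt.rst


# Inbound ACL as discussed in the thread; first match wins.
ACL_WITH_ESTABLISHED = [
    ("permit", lambda p: p.dst_port == 22),   # permit tcp any any eq 22
    ("permit", is_established),               # permit tcp any any established
    ("deny",   lambda p: True),               # deny ip any any
]

# The same ACL with the 'established' entry removed.
ACL_WITHOUT_ESTABLISHED = [
    ("permit", lambda p: p.dst_port == 22),
    ("deny",   lambda p: True),
]


def evaluate(acl, pkt: TcpPacket) -> str:
    """Walk the ACL top to bottom and return the first matching action."""
    for action, matches in acl:
        if matches(pkt):
            return action
    return "deny"  # implicit deny at the end of every IOS ACL


# Constructed sample packets arriving inbound on the outside interface.
NEW_H323_SYN = TcpPacket(dst_port=1720, syn=True)            # fresh attempt to reach 1720
REPLY_SYN_ACK = TcpPacket(dst_port=51234, syn=True, ack=True)  # server answering an inside-initiated flow
NEW_SSH_SYN = TcpPacket(dst_port=22, syn=True)
BARE_ACK = TcpPacket(dst_port=1720, ack=True)                # ACK bit set, no real session behind it


def demo() -> dict:
    """Verdicts for each sample packet under both ACL variants."""
    return {
        "syn_to_1720": evaluate(ACL_WITH_ESTABLISHED, NEW_H323_SYN),                 # deny
        "reply_with_established": evaluate(ACL_WITH_ESTABLISHED, REPLY_SYN_ACK),     # permit
        "reply_without_established": evaluate(ACL_WITHOUT_ESTABLISHED, REPLY_SYN_ACK),  # deny
        "ssh_syn": evaluate(ACL_WITH_ESTABLISHED, NEW_SSH_SYN),                      # permit
        "bare_ack_to_1720": evaluate(ACL_WITH_ESTABLISHED, BARE_ACK),                # permit (flag-only match)
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28} -> {verdict}")
```

The third case reproduces what happened after the `established` line was removed: the SYN/ACK coming back to an inside host hits `deny ip any any`, so every internally initiated session breaks. The last case is the caveat to keep in mind: because `established` only inspects flag bits, a stateful mechanism (reflexive ACLs or inspection on the router) is the right tool when you need the router to track which flows an inside host actually opened.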

