[c-nsp] Catalyst 4500 listening on TCP 6154 on all interfaces

frederic.jutzet at sig-telecom.net
Tue May 8 06:30:33 EDT 2018


Cisco confirmed to me off-list that this is only an internal-usage socket
which is not exposed.
Official info from them should come.

And before applying any iACL, check your NetFlow; you should not apply a
trivial iACL on your upstream, but you should be able to deny only
src=any, dst=yournetwork, proto=tcp, tcpflag=SYN; otherwise you might
block valid communication between your clients (port 6154 could have
been randomly selected by any TCP/IP stack to open a socket).



On 08.05.2018 12:04, Chris Jones wrote:
>> On 8 May 2018, at 12:20 am, Roland Dobbins <rdobbins at arbor.net> wrote:
>>
>>
>> On 7 May 2018, at 20:04, James Bensley wrote:
>>
>>> Have you opened a TAC case?
>> Yes - that's how I'd go about it.  If I couldn't take the gear in question out of service, I'd iACL it in the meantime (should be done, anyways).
>>
> For the super paranoid, I’d suggest probably ACLing it upstream (whatever’s causing it to listen may well selectively ignore an ACL, too…)
>
> </tin-foil-hat>
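The ordering point made in the reply above (let established traffic through first, then deny only fresh SYNs to 6154), shown as an added example that is not part of the thread: a small evaluator comparing a blanket deny on the port with the SYN-only form. The prefix, addresses and flows are constructed, and the "established" test (ACK or RST bit set) mirrors the IOS keyword of that name.

```python
# Added example: compare a trivial "deny anything to TCP/6154" iACL with the
# SYN-only form from the thread. All addresses and flows are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

YOUR_NET = ip_network("192.0.2.0/24")   # placeholder for "yournetwork"
SUSPECT_PORT = 6154


@dataclass
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    flags: set          # TCP flags present, e.g. {"SYN", "ACK"}


def trivial_acl(f: Flow) -> str:
    """Blanket deny of any TCP packet to port 6154 inside your network."""
    if ip_address(f.dst) in YOUR_NET and f.dport == SUSPECT_PORT:
        return "deny"
    return "permit"


def syn_only_acl(f: Flow) -> str:
    """IOS-style ordering: 'permit tcp any any established' (ACK or RST set)
    comes first, so replies to connections your clients opened pass; only a
    new SYN aimed at 6154 in your network is dropped."""
    if f.flags & {"ACK", "RST"}:
        return "permit"          # return traffic, including the SYN/ACK
    if ip_address(f.dst) in YOUR_NET and f.dport == SUSPECT_PORT and "SYN" in f.flags:
        return "deny"
    return "permit"


# Constructed sample flows: an inbound probe at the switch, and the reply
# path of a client whose stack happened to pick 6154 as its source port.
FLOWS = {
    "probe_to_switch":  Flow("198.51.100.7", 40001, "192.0.2.1", 6154, {"SYN"}),
    "synack_to_client": Flow("203.0.113.9", 443, "192.0.2.50", 6154, {"SYN", "ACK"}),
    "data_to_client":   Flow("203.0.113.9", 443, "192.0.2.50", 6154, {"ACK"}),
}


def evaluate() -> dict:
    """Return {flow name: (trivial verdict, SYN-only verdict)}."""
    return {name: (trivial_acl(f), syn_only_acl(f)) for name, f in FLOWS.items()}


if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:18s} trivial={verdicts[0]:6s} syn_only={verdicts[1]}")
```

The trivial form drops the SYN/ACK and data returning to the client, which is exactly the collateral damage the NetFlow check is meant to surface before the ACL goes on the upstream.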