Close Cisco IOS TCP Ports 23, 2002, 4002, 6002, and 9002 from Network Ports Scanning - NETSEC


Friday, August 15, 2014


Just found my Cisco 1921 has the same problem on ports 2002, 4002, 6002 and 9002, as described in this post.

Symptoms:

Some Cisco routers (1900/2900 series) answer TCP connection attempts (they reply with SYN-ACKs to the SYN requests) on TCP ports 2002, 4002, 6002, and 9002.

Some other routers answer on TCP port 23 (Telnet).

I used http://ping.eu/port-chk/ to test those ports; ports 2002, 4002, 6002 and 9002 are open on my CISCO1921 router:

R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot               Local Address             Foreign Address                  Service    State
 tcp                        *:22                         *:0               SSH-Server   LISTEN
 tcp                        *:23                         *:0                   Telnet   LISTEN
 tcp                      *:6002          88.198.46.51:58719            TCP Protocols ESTABLIS
 udp                       *:123                         *:0                      NTP   LISTEN
 udp                      *:4500                         *:0                   ISAKMP   LISTEN
 udp                       *:161                         *:0                  IP SNMP   LISTEN
 udp                       *:162                         *:0                  IP SNMP   LISTEN
 udp                      *:1975                         *:0                      IPC   LISTEN
 udp                     *:57430                         *:0                  IP SNMP   LISTEN
 udp                       *:500                         *:0                   ISAKMP   LISTEN

Solutions:

1. The solution for ports 2002, 4002, 6002 and 9002 is the same as in the post mentioned above. These four ports belong to the access methods IOS attaches to a TTY line (2000+N, 4000+N, 6000+N and 9000+N for line N), so disabling all inbound transports on line 2 closes all four at once:


Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line 2
Router(config-line)#transport input none
Router(config-line)#end
Router#


2. Solution for port 23:

R#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R(config)#class-map type port-filter match-any TCP23
R(config-cmap)#match port tcp 23
R(config)#policy-map type port-filter FILTERTCP23
R(config-pmap)#class TCP23
R(config-pmap-c)#drop
R(config-pmap-c)#log
R(config)#control-plane host
R(config-cp-host)#service-policy type port-filter input FILTERTCP23

*Aug 15 16:31:29: %CP-6-TCP: DROP TCP/UDP Portfilter  88.198.46.51(57596) -> 61.16.203.24(23)
*Aug 15 16:31:30: %CP-6-TCP: DROP TCP/UDP Portfilter  88.198.46.51(57596) -> 61.16.203.24(23)
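As an added check (example code written for this page, not something from the post or from Cisco), the script below parses the output of show control-plane host open-ports shown above, flags the Telnet socket and any TCP socket that belongs to a TTY line, and prints the IOS configuration from the two solutions above for every affected line. The mapping of ports 2000+N, 4000+N, 6000+N and 9000+N to line N and the upper bound on line numbers are assumptions based on standard IOS behaviour rather than statements from the post; the embedded sample is the post's own show output. After applying the configuration, re-run the show command and confirm the script reports no findings.

```python
"""Audit IOS 'show control-plane host open-ports' output for the TCP sockets this
post closes, and derive the matching IOS configuration.

Added example, not part of the original post. The port-to-TTY-line mapping
(2000+N, 4000+N, 6000+N, 9000+N for line N) and MAX_LINE_NUMBER are assumptions
drawn from standard IOS reverse-Telnet behaviour."""
import re
from typing import List, NamedTuple, Optional

LINE_PORT_BASES = (2000, 4000, 6000, 9000)  # assumption: IOS per-line access ports
MAX_LINE_NUMBER = 1000                       # assumption: highest line number mapped
TELNET_PORT = 23


class Socket(NamedTuple):
    proto: str
    local_port: int
    foreign: str
    service: str
    state: str


class Finding(NamedTuple):
    port: int
    reason: str            # "telnet" or "reverse-telnet"
    line: Optional[int]    # TTY line number for per-line ports, None for Telnet
    foreign: str
    state: str


# One socket row: proto, local addr:port, foreign addr:port, service (may contain
# spaces, e.g. "IP SNMP"), state. IOS truncates ESTABLISHED to "ESTABLIS".
ROW_RE = re.compile(
    r"^\s*(tcp|udp)\s+\S+:(\d+)\s+(\S+)\s+(.+?)\s+(LISTEN|ESTABLIS\w*)\s*$"
)

# Constructed sample: the post's own show output, copied verbatim.
SAMPLE_OUTPUT = """R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot               Local Address             Foreign Address                  Service    State
 tcp                        *:22                         *:0               SSH-Server   LISTEN
 tcp                        *:23                         *:0                   Telnet   LISTEN
 tcp                      *:6002          88.198.46.51:58719            TCP Protocols ESTABLIS
 udp                       *:123                         *:0                      NTP   LISTEN
 udp                      *:4500                         *:0                   ISAKMP   LISTEN
 udp                       *:161                         *:0                  IP SNMP   LISTEN
 udp                       *:162                         *:0                  IP SNMP   LISTEN
 udp                      *:1975                         *:0                      IPC   LISTEN
 udp                     *:57430                         *:0                  IP SNMP   LISTEN
 udp                       *:500                         *:0                   ISAKMP   LISTEN
"""


def parse_open_ports(text: str) -> List[Socket]:
    """Parse socket rows; the prompt, header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, port, foreign, service, state = m.groups()
            sockets.append(Socket(proto, int(port), foreign, service, state))
    return sockets


def tty_line_for_port(port: int) -> Optional[int]:
    """Map 2000+N / 4000+N / 6000+N / 9000+N back to line N, else None."""
    for base in LINE_PORT_BASES:
        if 0 <= port - base <= MAX_LINE_NUMBER:
            return port - base
    return None


def audit(sockets: List[Socket]) -> List[Finding]:
    """Flag Telnet and per-line reverse-Telnet TCP sockets, LISTEN or established."""
    findings = []
    for s in sockets:
        if s.proto != "tcp":
            continue
        if s.local_port == TELNET_PORT:
            findings.append(Finding(s.local_port, "telnet", None, s.foreign, s.state))
            continue
        line = tty_line_for_port(s.local_port)
        if line is not None:
            findings.append(Finding(s.local_port, "reverse-telnet", line, s.foreign, s.state))
    return sorted(findings, key=lambda f: (f.port, f.foreign))


def remediation(findings: List[Finding]) -> List[str]:
    """IOS config from the post's two fixes: 'transport input none' on every
    affected TTY line, and a control-plane port-filter dropping TCP/23."""
    cfg = []
    for n in sorted({f.line for f in findings if f.line is not None}):
        cfg += [f"line {n}", " transport input none"]
    if any(f.reason == "telnet" for f in findings):
        cfg += ["class-map type port-filter match-any TCP23", " match port tcp 23",
                "policy-map type port-filter FILTERTCP23", " class TCP23",
                "  drop", "  log",
                "control-plane host",
                " service-policy type port-filter input FILTERTCP23"]
    return cfg


if __name__ == "__main__":
    found = audit(parse_open_ports(SAMPLE_OUTPUT))
    for f in found:
        print(f"tcp/{f.port} {f.reason} line={f.line} {f.state} from {f.foreign}")
    print("\n".join(remediation(found)))
```

The script deliberately reports established sockets as well as listeners: the post's own output shows 6002 only in the ESTABLIS state, with a remote host already connected, which is exactly the case a LISTEN-only check would miss.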

References:

1. PacketU's post
2. itcertnotes' post
