Close Cisco IOS TCP Ports 23, 2002, 4002, 6002, and 9002 from Network Ports Scanning
Just found my Cisco 1921 has the same problem on ports 2002, 4002, 6002 and 9002, as described in this post.
Symptoms:
Some Cisco routers (1900/2900 Series) answer TCP connection attempts (replying with SYN-ACKs to the SYN requests) on TCP ports 2002, 4002, 6002, and 9002. Some other routers answer on TCP port 23 (telnet).
I used http://ping.eu/port-chk/ to test those ports; ports 2002, 4002, 6002 and 9002 are open on my CISCO1921 router:
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address       Foreign Address          Service   State
 tcp             *:22             *:0        SSH-Server  LISTEN
 tcp             *:23             *:0          Telnet  LISTEN
 tcp            *:6002      88.198.46.51:58719       TCP Protocols ESTABLIS
 udp            *:123             *:0            NTP  LISTEN
 udp            *:4500             *:0          ISAKMP  LISTEN
 udp            *:161             *:0          IP SNMP  LISTEN
 udp            *:162             *:0          IP SNMP  LISTEN
 udp            *:1975             *:0            IPC  LISTEN
 udp           *:57430             *:0          IP SNMP  LISTEN
 udp            *:500             *:0          ISAKMP  LISTEN
Solutions:
1. The solution for ports 2002, 4002, 6002 and 9002 is the same as in the post mentioned before:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line 2
Router(config-line)#transport input none
Router(config-line)#end
Router#
2. Solution for port 23:
R#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R(config)#class-map type port-filter match-any TCP23
R(config-cmap)#match port tcp 23
R(config)#policy-map type port-filter FILTERTCP23
R(config-pmap)#class TCP23
R(config-pmap-c)#drop
R(config-pmap-c)#log
R(config)#control-plane host
R(config-cp-host)#service-policy type port-filter input FILTERTCP23
*Aug 15 16:31:30: %CP-6-TCP: DROP TCP/UDP Portfilter  88.198.46.51(57596) -> 61.16.203.24(23)
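To re-check a router before and after applying these changes, the following added example (not part of the original post) parses saved "show control-plane host open-ports" output and flags TCP sockets on the ports discussed here. The function names are hypothetical, and the sample is an abridged copy of the listing shown under Symptoms.

```python
import re

# TCP ports the page reports as reachable: telnet plus the 2002/4002/6002/9002 group.
WATCHED_TCP_PORTS = {23, 2002, 4002, 6002, 9002}

# One row: protocol, local addr:port, foreign addr:port, service (may contain spaces), state.
ROW = re.compile(
    r"^\s*(?P<proto>tcp|udp)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+)\s+(?P<service>.*?)\s+(?P<state>\S+)\s*$"
)

# Abridged copy of the page's "show control-plane host open-ports" listing.
SAMPLE = """\
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address       Foreign Address          Service   State
 tcp             *:22             *:0        SSH-Server  LISTEN
 tcp             *:23             *:0          Telnet  LISTEN
 tcp            *:6002      88.198.46.51:58719       TCP Protocols ESTABLIS
 udp            *:123             *:0            NTP  LISTEN
 udp            *:500             *:0          ISAKMP  LISTEN
"""

def parse_open_ports(text):
    """Return one dict per socket row; prompt and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["lport"], row["fport"] = int(row["lport"]), int(row["fport"])
            row["service"] = row["service"].strip()
            rows.append(row)
    return rows

def flag_exposed(rows, watched=WATCHED_TCP_PORTS):
    """Return (port, state, peer) for each TCP row on a watched port.
    peer is None for a listener and the remote address for a live session."""
    findings = []
    for r in rows:
        if r["proto"] == "tcp" and r["lport"] in watched:
            peer = None if r["faddr"] == "*" else r["faddr"]
            findings.append((r["lport"], r["state"], peer))
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for port, state, peer in flag_exposed(parse_open_ports(SAMPLE)):
        print(f"tcp/{port} {state} peer={peer or '-'}")
```

A row with a peer address, like the tcp/6002 entry here, means a remote host currently holds a session on that port, which is worth reviewing separately from a plain listener.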
Reference:
1. PacketU's Post
2. itcertnotes' Post