Symptoms:
Some Cisco routers (1900/2900 series) answer TCP connection attempts (replying with SYN-ACK to the SYN requests) on TCP ports 2002, 4002, 6002, and 9002. Some other routers answer on TCP port 23 (telnet).
I used http://ping.eu/port-chk/ to test those ports; ports 2002, 4002, 6002 and 9002 are open on my CISCO1921 router:
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address       Foreign Address          Service   State
 tcp             *:22             *:0        SSH-Server  LISTEN
 tcp             *:23             *:0          Telnet  LISTEN
 tcp            *:6002      88.198.46.51:58719       TCP Protocols ESTABLIS
 udp            *:123             *:0            NTP  LISTEN
 udp            *:4500             *:0          ISAKMP  LISTEN
 udp            *:161             *:0          IP SNMP  LISTEN
 udp            *:162             *:0          IP SNMP  LISTEN
 udp            *:1975             *:0            IPC  LISTEN
 udp           *:57430             *:0          IP SNMP  LISTEN
 udp            *:500             *:0          ISAKMP  LISTEN
Solutions:
1. Solution for ports 2002, 4002, 6002 and 9002 is the same as in the post referenced below:
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line 2
Router(config-line)#transport input none
Router(config-line)#end
Router#
2. Solution for port 23:
R#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R(config)#class-map type port-filter match-any TCP23
R(config-cmap)#match port tcp 23
R(config)#policy-map type port-filter FILTERTCP23
R(config-pmap)#class TCP23
R(config-pmap-c)#drop
R(config-pmap-c)#log
R(config)#control-plane host
R(config-cp-host)#service-policy type port-filter input FILTERTCP23
*Aug 15 16:31:30: %CP-6-TCP: DROP TCP/UDP Portfilter  88.198.46.51(57596) -> 61.16.203.24(23)
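As an added illustration (not part of the original post), here is a Python script that parses the "show control-plane host open-ports" table shown above and names which of the two fixes applies to each exposed TCP port. The base-port mapping (2000/4000/6000/9000 plus the line number, which is why "line 2" is the line to lock down) is the standard Cisco reverse-connection convention and is assumed here; the sample table is constructed.

```python
import re

# Base ports of Cisco reverse connections (assumed standard mapping, not from the post):
# 2000+n telnet, 4000+n raw TCP, 6000+n telnet binary, 9000+n xremote; n is the line number.
REVERSE_BASES = {2000: "telnet", 4000: "raw tcp", 6000: "telnet binary", 9000: "xremote"}

# Constructed sample modelled on the post's 'show control-plane host open-ports' output.
SAMPLE = """\
Active internet connections (servers and established)
Prot        Local Address       Foreign Address          Service   State
 tcp             *:22             *:0        SSH-Server  LISTEN
 tcp             *:23             *:0          Telnet  LISTEN
 tcp            *:6002      198.51.100.7:58719       TCP Protocols ESTABLIS
 udp            *:123             *:0            NTP  LISTEN
"""

# proto, local addr:port, foreign addr:port, service (may contain spaces), state
ROW_RE = re.compile(r"^\s*(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(.*?)\s+(\S+)\s*$")

def parse_open_ports(text):
    """Parse the socket table into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, _laddr, lport, faddr, fport, service, state = m.groups()
            rows.append({"proto": proto, "local_port": int(lport), "foreign": f"{faddr}:{fport}",
                         "service": service, "state": state})
    return rows

def reverse_line(port):
    """Map a reverse-connection port to (line number, mode); None if it is not one."""
    for base, mode in REVERSE_BASES.items():
        n = port - base
        if 0 <= n < 1000:
            return n, mode
    return None

def audit(text):
    """Flag the TCP exposures the post fixes and name the matching remediation."""
    findings = []
    for r in parse_open_ports(text):
        if r["proto"] != "tcp":
            continue
        port, rl = r["local_port"], reverse_line(r["local_port"])
        if port == 23:
            findings.append((port, r["state"], "telnet: drop with control-plane port-filter policy"))
        elif rl:
            findings.append((port, r["state"], f"reverse {rl[1]} on line {rl[0]}: 'line {rl[0]}' then 'transport input none'"))
    return findings

if __name__ == "__main__":
    for port, state, fix in audit(SAMPLE):
        print(f"tcp/{port} {state}: {fix}")
```

The script only reports on TCP rows; UDP listeners such as NTP and SNMP are parsed but left to other controls.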
Reference:
1. PacketU's Post
2. itcertnotes' Post