Network Security Firewalls

Re: Cisco 2600 Ports Responding...

Subject: Re: Cisco 2600 Ports Responding...
Date: Wed, 15 Sep 2004 00:52:33 +0300
Hi Eagle,

AFAIK dhcp and possibly some other services are enabled by default on most IOSes. Ensure that you don't run any of the "suspicious" daemons by explicitly stopping them with 'no <service>' in global configuration mode, where <service> is the name of the service which responds to your UDP packets. For dhcp you should type 'no service dhcp'. Another solution is the use of extended ACLs (Access Control Lists), which is not recommended, since you can just turn off the problematic service.
Speaking about UDP scans, they could give incorrect results because of the unreliable connectionless nature of the UDP protocol. You can never be 100% sure. I suggest typing 'show ip sockets' in privileged exec mode (at the Router# prompt) to verify which ports are open on your router.


BR,

--
-- Ivan Sivkov
-- Systems Administrator
-- Cisco Networking Academy Regional Trainer: CCAI-CCNA, UNIX, FWL, Linux, NOS
-- ICQ: 147692374
-- www.cacad.com


Eagle 1865 wrote:

I have done the following nmap UDP scan of two of our Cisco routers
that terminate our IPSec traffic.  I am wondering if anyone can tell me
why the ports with asterisks are responding:

Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2004-09-08
10:42 EDT
Interesting ports on x.x.x.x:
(The 1472 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
53/udp  open  domain *
67/udp  open  dhcpserver *
123/udp open  ntp
161/udp open  snmp
162/udp open  snmptrap
177/udp open  xdmcp *

I am currently working to disable SNMP access from our WAN facing
interfaces and after doing some initial discovery noticed these ports open
as well.  I am not running a DHCP server on either of these routers
(nmap scans are identical).  I am also not sure why XDMCP would be open at
all on a router.  Is this an error on nmap's part or are these ports
actually open?

Any help would be appreciated.

Thanks,

Mike.
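
Added example (not part of either message): a Python sketch of the cross-check suggested in the reply, comparing the UDP ports the scan reported with the sockets listed by 'show ip sockets'. The 'show ip sockets' sample is constructed, and its column layout is an assumption that may not match a given IOS release.

```python
import re

# Scan result as quoted in the thread (asterisks are the poster's markers).
NMAP_OUTPUT = """\
PORT    STATE SERVICE
53/udp  open  domain *
67/udp  open  dhcpserver *
123/udp open  ntp
161/udp open  snmp
162/udp open  snmptrap
177/udp open  xdmcp *
"""

# Constructed 'show ip sockets' sample (documentation addresses); the column
# layout is an assumption and may differ between IOS releases.
SHOW_IP_SOCKETS = """\
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17 0.0.0.0             0 192.0.2.1          67   0   0 2211   0
 17   --listen--          192.0.2.1         123   0   0    1   0
 17 0.0.0.0             0 192.0.2.1         161   0   0    1   0
 17 0.0.0.0             0 192.0.2.1         162   0   0   11   0
 17 192.0.2.50        514 192.0.2.1       51234   0   0    0   0
"""

NMAP_LINE = re.compile(r"^(\d+)/udp\s+open(?:\|filtered)?\s+(\S+)", re.M)
ADDR_PORT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)")

def nmap_udp_ports(text):
    """Return {port: service} for UDP ports reported open or open|filtered."""
    return {int(port): svc for port, svc in NMAP_LINE.findall(text)}

def router_udp_ports(text):
    """Return the local UDP ports that have a socket on the router."""
    ports = set()
    for line in text.splitlines():
        pairs = ADDR_PORT.findall(line)
        if line.split()[:1] == ["17"] and pairs:  # IP protocol 17 is UDP
            ports.add(int(pairs[-1][1]))  # last address/port pair is local
    return ports

def cross_check(nmap_text, sockets_text):
    """Split reported ports into (confirmed by a socket, unconfirmed)."""
    reported, bound = nmap_udp_ports(nmap_text), router_udp_ports(sockets_text)
    confirmed = {p: s for p, s in reported.items() if p in bound}
    unconfirmed = {p: s for p, s in reported.items() if p not in bound}
    return confirmed, unconfirmed

if __name__ == "__main__":
    print(cross_check(NMAP_OUTPUT, SHOW_IP_SOCKETS))
```

Ports in the second dictionary were reported by the scanner but have no socket in the router's own listing, which makes them candidates for the incorrect UDP results the reply warns about.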
