topic Open UDP Ports 123/161/500 in Network Security

Open UDP Ports 123/161/500

abc1235 — Tue, 06 Jun 2023 06:44:08 GMT

Hallo,

I have a few C1100 routers that seem to have some UDP ports open. Unless I disable the protocols e.g. NTP, the port are as below after an nmap scan:

123/udp open ntp

161/udp open snmp

500/udp open isakmp

Our SP says that there is currecntly no real security issue but it opens us to of course future problems. Could anyone have an idea/solution to this problem without disabling any of the protocols?

Thanks.

Re: Open UDP Ports 123/161/500

M02@rt37 — Tue, 06 Jun 2023 06:57:37 GMT

Hello @abc1235,

Implement ACLs on the routers to restrict access to these open UDP ports. By carefully defining source and destination IP addresses, you can limit the exposure of these services to trusted entities while blocking unauthorized access.

Re: Open UDP Ports 123/161/500

MHM Cisco World — Tue, 06 Jun 2023 09:01:24 GMT

ip access-list extended 100
deny udp any eq 123 any
eny udp any any eq 123
deny udp any eq 161 any
deny udp any any eq 161

deny udp any eq 500 any
deny udp any any eq 500
permit ip any any

!
interface <connect to ISP>
ip access-group 100 IN

here you disable any packet with this port number come from ISP to your router

Re: Open UDP Ports 123/161/500

abc1235 — Tue, 06 Jun 2023 11:02:07 GMT

Thanks so much M02@rt37 and @MHM Cisco World. That actually solves the issue!