topic Thanks for your reply! in Network Security

ports (vulnerability scan)

gvega0009 — Fri, 21 Feb 2020 13:18:09 GMT

I ran a vulnerability scan on a 2960 switch and some "ports" (I don't even know if this is the right way to call them) showed being open or that needed to be reviewed. I really need to know what they are and if I need to keep them or need to get rid of them. How do you disable "ports" (I am not talking about the actual ports on the switch ex. gig1/0/1) on a cisco switch? The ports are 4786 tcp, 67 udp, 161 udp, 162 udp, 1975 udp, 2228 udp, and 49688 udp.

udp/67 is bootp (used by DHCP

Marvin Rhoads — Mon, 06 Oct 2014 21:48:56 GMT

udp/67 is bootp (used by DHCP). The switch listens on that port if it is either a DHCP server itself or is setup to provide "ip helper" service which is used to translate local segment end users broadcasts to a unicast packet which is then forwarded to your DHCP server elsewhere.

udp 161 and 162 are used by SNMP. Best practice has SNMP restricted to SNMP v3 (with authentication and privacy or encryption) and an access-list applied to define your permitted SNMP servers.

The high numbered ports are usually a sign that the device (or a user session on it) is logged into something remotely and that's the random port is selected from the >1024 range (sometimes known as "ephemeral" ports since they come and go somewhat at random) to use as its source port. As long as the session is open, the devices will be "listening" on that port for replies.

Good link for port number reference.

The most effective way to

Leo Laohoo — Mon, 06 Oct 2014 22:06:15 GMT

The most effective way to disable those ports is on a firewall.

Thanks for your reply!

gvega0009 — Wed, 03 Jun 2015 15:56:46 GMT

Thanks for your reply!

gvega0009 — Wed, 03 Jun 2015 15:57:02 GMT

Thanks for your reply!

You're welcome.Please rate or

Marvin Rhoads — Wed, 03 Jun 2015 15:58:47 GMT

You're welcome.

Please rate or mark correct if it answers your question.