10-02-2007 12:32 PM
We recently had a penetration test and the CSS was flagged as port 12176 being open on the interface of the CSS device itself.
What is this port used for?
10-02-2007 11:59 PM
that's not the CSS.
From my lab:
[root@linux-1 cisco]# !tel
telnet 192.168.30.120 12176
Trying 192.168.30.120...
0.000000 192.168.30.48 -> 192.168.30.120 TCP 4306 > 12176 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1818741423 TSER=0 WS=0
2.995762 192.168.30.48 -> 192.168.30.120 TCP 4306 > 12176 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1818741723 TSER=0 WS=0
8.995756 192.168.30.48 -> 192.168.30.120 TCP 4306 > 12176 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1818742323 TSER=0 WS=0
[root@linux-1 cisco]#
10-03-2007 05:36 AM
Thanks for the reply.
Just to learn something:
Are you verifying this by there being no "ack" in the attempt to connect on that port?
10-03-2007 05:48 AM
indeed, the SYN stays unanswered by the CSS.
As opposed to a telnet to an open port :
[root@linux-1 cisco]# telnet 192.168.30.120
Trying 192.168.30.120...
Connected to 192.168.30.120 (192.168.30.120).
Escape character is '^]'.
0.000000 192.168.30.48 -> 192.168.30.120 TCP 4311 > telnet [SYN] Seq=0 Ack=0 W in=5840 Len=0 MSS=1460 TSV=1820838209 TSER=0 WS=0
0.001906 192.168.30.120 -> 192.168.30.48 TCP telnet > 4311 [SYN, ACK] Seq=0 Ac k=1 Win=8192 Len=0 MSS=1460
10-03-2007 06:55 AM
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide