Switch UDP 123 Port OPEN
05-13-2014 07:20 PM
Our switches (3750, Nexus 5000 and Nexus 7000) were scanned, with UDP ports 123 and 161 found open on the management interface.
I know they are open for NTP and SNMP, but our security policy does not allow it.
Does anybody know how to close them?
Not only blocked by an ACL, but with the port actually closed (so it cannot be found with a port scan tool).
Thanks.
05-13-2014 07:49 PM
Your policy is to turn off ntp and snmp to make the switches more secure? That's a bit unusual since both, when configured properly, are considered best practices with respect to security.
Depending on the switch (IOS or NX-OS) you can generally use the "ntp disable" (on the L3 interface) or "no ntp enable" command.
If there's no snmp community set, the switch should not be snmp-enabled. Once one is set, the best you can do is to protect it with an access-list.
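
An added example, not part of the thread above and not Cisco's own tooling: a small audit of a saved IOS-style running-config that flags the two conditions the reply describes, an SNMP community with no access-list and an L3 interface without `ntp disable` while NTP is configured. The sample config, community strings and finding names are constructed, and the parser assumes the IOS form `snmp-server community <string> [view <name>] [RO|RW] [<acl>]`; NX-OS syntax is not covered.

```python
import re

# Constructed IOS-style running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 ntp disable
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport mode access
!
snmp-server community EXAMPLE1 RO 10
snmp-server community EXAMPLE2 RO
ntp server 10.0.0.1
"""

def audit(config):
    """Return (finding, location) tuples; community strings are never echoed."""
    findings, iface, stanzas = [], None, {}
    lines = config.splitlines()
    for n, line in enumerate(lines, 1):
        if line.startswith(" "):               # sub-command of current stanza
            if iface:
                stanzas[iface].append(line.strip())
            continue
        m = re.match(r"interface (\S+)", line)  # any top-level line ends a stanza
        iface = m.group(1) if m else None
        if iface:
            stanzas[iface] = []
        m = re.match(r"snmp-server community \S+(.*)", line)
        if m:
            rest = m.group(1).split()
            if "view" in rest:                  # drop "view <name>"
                i = rest.index("view")
                del rest[i:i + 2]
            acl = [t for t in rest if t.upper() not in ("RO", "RW")]
            if not acl:                         # nothing left: no access-list
                findings.append(("snmp-community-without-acl", f"line {n}"))
    ntp_on = any(re.match(r"ntp (server|peer)\s", l) for l in lines)
    for name, cmds in stanzas.items():
        l3 = any(c.startswith("ip address ") for c in cmds)
        if ntp_on and l3 and "ntp disable" not in cmds:
            findings.append(("ntp-enabled-on-l3-interface", name))
    return findings

if __name__ == "__main__":
    for kind, where in audit(SAMPLE_CONFIG):
        print(f"{kind}: {where}")
```
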
