ACK,RST Security Issue

SJobs1971
Level 1

I did an nmap against myself, in which (with Wireshark) I discovered that if nmap sends a TCP ACK out to my router, my router will automatically respond with a TCP RST. Is there any way to stop the router from sending an RST for a connection that doesn't exist? I already use:

permit tcp any any established

deny   ip any any log

But that doesn't seem to work. Any advice would be appreciated.

Essentially what I'm looking to do is to block TCP reset (RST) on closed TCP ports to prevent TCP port scanning.

Thanks.

1 Reply

Farrukh Haroon
VIP Alumni

I think there are limitations on IOS in doing this, but the following link will help you block some of these ports:

http://blog.ioshints.info/2007/06/closed-versus-filtered-ports.html

Blocking TCP RST packets might also work, but you would have to look into the various filtering planes (control, data, etc.).

http://fengnet.com/book/Cisco.IOS.Cookbook.2nd/I_0596527225_CHP_19_SECT_5.html

Regards

Farrukh
