
Open UDP Ports 123/161/500

JoyWN
Beginner

Hello,

I have a few C1100 routers that seem to have some UDP ports open. Unless I disable the protocols, e.g. NTP, the ports are as below after an nmap scan:

123/udp open  ntp

161/udp open  snmp

500/udp open  isakmp

Our SP says that there is currently no real security issue but it opens us to of course future problems. Could anyone have an idea/solution to this problem without disabling any of the protocols?

Thanks.

1 Accepted Solution

M02@rt37
Engager

Hello @JoyWN,

Implement ACLs on the routers to restrict access to these open UDP ports. By carefully defining source and destination IP addresses, you can limit the exposure of these services to trusted entities while blocking unauthorized access.

Best regards
******* If This Helps, Please Rate *******
Ben


3 Replies


MHM Cisco World
VIP Mentor

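ip access-list extended 100
 ! drop UDP with source or destination port 123 (NTP)
 deny udp any eq 123 any
 deny udp any any eq 123
 ! drop UDP with source or destination port 161 (SNMP)
 deny udp any eq 161 any
 deny udp any any eq 161
 ! drop UDP with source or destination port 500 (ISAKMP)
 deny udp any eq 500 any
 deny udp any any eq 500
 ! everything else is allowed
 permit ip any any
!
interface <connect to ISP>
 ip access-group 100 in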

Here you disable any packet with this port number coming from the ISP to your router.

JoyWN
Beginner

Thanks so much M02@rt37 and @MHM Cisco World. That actually solves the issue!
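
The two answers above combined, as an added example that is not from the thread or from Cisco: an inbound ACL that permits each service only from a known source before denying it for everyone else, so NTP, SNMP and IKE keep working on the router. The ACL name WAN-IN and all addresses (RFC 5737 documentation ranges) are assumptions.

```cisco
! Constructed example. Addresses are placeholders (assumptions):
!   198.51.100.2  router's ISP-facing address
!   192.0.2.10    NTP server the router synchronises to
!   192.0.2.20    SNMP management station
!   203.0.113.5   remote IKE/IPsec peer
ip access-list extended WAN-IN
 remark NTP replies from the configured time server only
 permit udp host 192.0.2.10 eq 123 host 198.51.100.2 eq 123
 remark SNMP polls from the management station only
 permit udp host 192.0.2.20 host 198.51.100.2 eq 161
 remark IKE from the known VPN peer only
 permit udp host 203.0.113.5 host 198.51.100.2 eq 500
 remark all other traffic to these services on the router is dropped and logged
 deny udp any host 198.51.100.2 eq 123 log
 deny udp any host 198.51.100.2 eq 161 log
 deny udp any host 198.51.100.2 eq 500 log
 remark transit traffic and everything else is unaffected
 permit ip any any
!
interface <connect to ISP>
 ip access-group WAN-IN in
!
! Verify: per-entry hit counters show which rules are matching
! show ip access-lists WAN-IN
```

Because the first matching entry wins, the permits must sit above the denies. Repeating the UDP nmap scan from a host that is not one of the trusted sources should no longer report 123, 161 or 500 as open.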
