Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1965
Views
10
Helpful
7
Replies

Port Scanning 4331 Router

Go to solution
Alex Pfeil
Level 7
Level 7

‎03-11-2022 09:39 AM

We were hoping to get some feedback on why a router would show ports open on the public facing interface when they are not running on the router? They are not specifically closed. Nat is configured in a manner that would not allow a connection through the router to an inside device. We checked the router versions and two separate routers running the same code, One shows the ports open and one does not. Also, we turned off smart-call home feature and still see the ports open.

 

Here are the ports:

25

110

143

 

Does anybody have any ideas or an explanation?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Alex Pfeil

‎03-12-2022 01:54 AM

Then there may be some Portforward or NAt in place that is where the port show as open.

 

So suggestion from outside always protect network using ACL, and scan again to confirm all ok

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-11-2022 10:02 AM

These are related to Mail , SMTP/ POP / IMAP ?  what router is this ?

 

what is the outcome of scan

 

you can check on the router :

 

show ip socket

show ip tcp brief

show tcp brief

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Alex Pfeil
Level 7
Level 7

‎03-11-2022 01:57 PM

It is a branch router. Those ports are not listed in the show ip socket command or show tcp brief command.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Alex Pfeil

‎03-12-2022 01:54 AM

Then there may be some Portforward or NAt in place that is where the port show as open.

 

So suggestion from outside always protect network using ACL, and scan again to confirm all ok

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎03-11-2022 05:28 PM

Put an ACL.

Go to solution
Alex Pfeil
Level 7
Level 7

‎03-15-2022 08:25 AM - edited ‎03-15-2022 08:26 AM

I am going to put an ACL in place just so the port shows closed to a scan. There is no NAT in place that would allow a connection from the outside. Thanks for the help!

0 Helpful

Go to solution
Alex Pfeil
Level 7
Level 7

‎03-31-2022 06:14 AM

Interestingly, I placed an ACL blocking port 25 to the outside interface IP address and the port still shows open on a scan. The access-list increments showing that it is denied. Any thoughts?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Alex Pfeil

‎03-31-2022 08:47 AM

post the ACL and interface config to understand

 

we would like to see the IP you scanning vs configured IP.

 

is that direct scanning?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card