10-01-2006 10:15 AM - edited 03-09-2019 04:22 PM
When I nmap scan my Cisco 871 router running IOS 12.4(9)T it shows that port 110 (pop3) is open. I am unable to find what process is configured causing this port to be open. I am not running webVPN as a POP3 proxy.
Does anyone know what this may be and how to close it?
10-03-2006 03:03 AM
Hi,
Maybe there is some NAT configured?
Paste the configuration (sh tech).
Regards
10-03-2006 07:35 AM
Yes, I do have NAT Overload configured. But why would that open up port 110 on the router itself?
Here is the show run (part 1 of 2):
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname Cisco871
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 8
logging buffered 51200 warnings
no logging rate-limit
enable secret 5
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
!
aaa session-id common
!
resource policy
!
clock timezone CST -6
clock summer-time CST recurring
no ip source-route
ip cef
!
!
ip dhcp database tftp://10.10.10.3/DHCP/Cisco871Leases.txt
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.0 10.10.10.7
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.240
default-router 10.10.10.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip ssh version 2
ip inspect name cbac tcp
ip inspect name cbac udp
ip inspect name cbac icmp
ip inspect name cbac ftp
ip inspect name cbac isakmp
!
!
crypto pki trustpoint TP-self-signed-1747397358
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1747397358
revocation-check none
rsakeypair TP-self-signed-1747397358
!
!
crypto pki certificate chain TP-self-signed-1747397358
certificate self-signed 01
quit
!
no spanning-tree vlan 1
no spanning-tree vlan 2
username
!
!
!
bridge irb
!
!
!
interface FastEthernet0
description Switchport 0
bandwidth 100000
!
interface FastEthernet1
description Switchport 1
bandwidth 100000
!
interface FastEthernet2
description Switchport 2
bandwidth 100000
!
interface FastEthernet3
description Switchport 3
bandwidth 100000
!
interface FastEthernet4
description Outside
bandwidth 100000
no ip dhcp client request tftp-server-address
no ip dhcp client request netbios-nameserver
no ip dhcp client request vendor-specific
ip address dhcp client-id FastEthernet4
ip access-group IngressFilter in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
description Switchport WLAN
bandwidth 54000
no ip address
!
broadcast-key change 3600
!
!
encryption mode ciphers tkip
!
ssid
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7
!
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
channel 2412
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description VLAN 1 INSIDE
bandwidth 100000
no ip address
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
description VLAN 2 DMZ
bandwidth 100000
no ip address
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface BVI1
description Inside
bandwidth 100000
ip address 10.10.10.1 255.255.255.240
ip access-group EgressFilter in
no ip redirects
no ip proxy-arp
ip nat inside
ip inspect cbac in
ip virtual-reassembly
!
(see part 2 of 2)
10-03-2006 07:36 AM
Part 2 of 2 (show run):
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list NAT interface FastEthernet4 overload
!
ip access-list standard ADMIN
permit 10.10.10.0 0.0.0.15
deny any
!
ip access-list extended EgressFilter
remark Allow DHCP Traffic for Internal Clients
permit udp any eq bootpc host 255.255.255.255 eq bootps
permit udp any eq bootpc host 10.10.10.1 eq bootps
remark Allow SSH, SSL, SNMP and TFTP to Cisco Router
permit tcp 10.10.10.0 0.0.0.15 host 10.10.10.1 eq 22
permit tcp 10.10.10.0 0.0.0.15 host 10.10.10.1 eq 443
permit udp host 10.10.10.3 host 10.10.10.1 eq snmp
permit udp 10.10.10.0 0.0.0.15 eq tftp host 10.10.10.1
remark Allow Specific ICMP Traffic and Deny the Rest
permit icmp 10.10.10.0 0.0.0.15 any echo
permit icmp 10.10.10.0 0.0.0.15 host 10.10.10.1 echo-reply
deny icmp any any
remark Deny Traffic to Private Addresses
deny ip any 0.0.0.0 0.255.255.255
deny ip any 10.0.0.0 0.255.255.255
deny ip any 127.0.0.0 0.255.255.255
deny ip any 169.254.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.0.2.0 0.0.0.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 224.0.0.0 15.255.255.255
remark Allow Specific Application Traffic
permit tcp 10.10.10.0 0.0.0.15 any eq ftp
permit tcp 10.10.10.0 0.0.0.15 any eq smtp
permit udp 10.10.10.0 0.0.0.15 any eq domain
permit tcp 10.10.10.0 0.0.0.15 any eq www
permit tcp 10.10.10.0 0.0.0.15 any eq pop3
permit udp 10.10.10.0 0.0.0.15 any eq ntp
permit tcp 10.10.10.0 0.0.0.15 any eq 443
permit udp 10.10.10.0 0.0.0.15 host 204.234.80.253 eq isakmp
permit tcp 10.10.10.0 0.0.0.15 host 216.170.63.107 eq 510
permit tcp 10.10.10.0 0.0.0.15 any eq 554
permit tcp 10.10.10.0 0.0.0.15 any eq 8080
permit tcp 10.10.10.0 0.0.0.15 host 204.234.80.253 eq 10000
permit udp 10.10.10.0 0.0.0.15 any range 33400 34400
remark Deny All Other Traffic
deny ip any any
ip access-list extended IngressFilter
remark Allow DHCP Traffic for WAN Interface
permit udp any eq bootps any eq bootpc
remark Deny Traffic from Private Address Blocks
deny ip 0.0.0.0 0.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 224.0.0.0 15.255.255.255 any log
remark Allow NTP Traffic
permit udp any eq ntp any
remark Deny All Other Traffic
deny ip any any log
ip access-list extended NAT
permit ip 10.10.10.0 0.0.0.15 any
!
logging 10.10.10.3
access-list 1 remark HTTP ADMIN ACL
access-list 1 permit 10.10.10.0 0.0.0.15
access-list 1 deny any log
access-list 2 remark SNMP ACL
access-list 2 permit 10.10.10.3
access-list 2 deny any log
snmp-server community
snmp-server contact
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner motd
Authorized Access Only!!!
This is the property of
DISCONNECT IMMEDIATELY!
For inquiries contact
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class ADMIN in
transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17175083
ntp server 192.43.244.18
ntp server 129.6.15.29
ntp server 129.6.15.28
end
02-01-2007 05:33 AM
Hi Andrew,
I got the same problem using a port scanner showing open port 110. Most likely this issue is related to your PC running antivirus software which pretends the port is open. I turned off virus protection and the scanner showed port 110 as closed.
Best regards,
Michael
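One way to test the explanation in the last reply without disabling antivirus, as an added example that is not part of the original thread: probe TCP 110 on the router and on a control address that should have no listener, and compare the results. The control address 192.0.2.1, the function names and the default router address (taken from the posted config) are assumptions of this sketch, as is the premise that a mail-scanning proxy on the scanning PC accepts port 110 connections for any destination.

```python
import socket
import sys

# Assumption: RFC 5737 documentation address, expected to have no real listener.
CONTROL_HOST = "192.0.2.1"

def probe(host, port=110, timeout=3.0, connect=socket.create_connection):
    """TCP-connect to host:port; return (state, first bytes the peer sends)."""
    try:
        with connect((host, port), timeout) as conn:
            conn.settimeout(timeout)
            try:
                banner = conn.recv(256).decode("ascii", "replace").strip()
            except OSError:          # includes timeouts: connected but silent
                banner = ""
            return "open", banner
    except ConnectionRefusedError:   # RST came back: nothing is listening
        return "closed", ""
    except OSError:                  # timeout or unreachable: dropped en route
        return "filtered", ""

def classify(target, control):
    """Compare the router's probe result with the control address's result."""
    if target[0] != "open":
        return "not-open"
    if control[0] == "open":
        # An address with no listener also "answers": the reply is generated
        # on or near the scanning host, not by the router.
        return "local-interception"
    return "answered-by-target-or-path"

if __name__ == "__main__":
    router = sys.argv[1] if len(sys.argv) > 1 else "10.10.10.1"
    target, control = probe(router), probe(CONTROL_HOST)
    print(f"{router}:110       -> {target}")
    print(f"{CONTROL_HOST}:110 -> {control}")
    print("verdict:", classify(target, control))
```

A verdict of local-interception matches the antivirus explanation; the router's own view can be cross-checked with `show control-plane host open-ports` (IOS 12.4(4)T and later) or `show tcp brief all`.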