Setup: 1605 running 12.0(5)T with IPFW w/ NAT(PAT) with one public on e0 and one private on e1.
I have turned off service dhcp and made sure no databases were defined and no ip helper-address enabled, but every time I scan the public side with nmap UDP it shows ports 67, 68, 138 in the state open.
The results of show stack:
Minimum process stacks:
756/1000 c1000 LED
3692/4000 CDP Protocol
3716/4000 DHCPD Receive
3452/4000 RADIUS INITCONFIG
3616/5000 DHCP Client
2012/4000 Virtual Exec
Interrupt level stacks:
Level Called Unused/Size Name
4 11548 1792/3000 CPIC interrupts
7 0 2976/3000 Programmable Interval Timer
Do the DHCPD and DHCP client have anything to do with the open ports 67 and 68? If so, how do I close 67, 68, and 138?
Could you please provide the config of the router as well as the output of a "show ip sockets"? Have you had a look at this document: http://www.cisco.com/warp/public/707/21.html ? Excerpt: "If you have the output of a show running-configuration command from your Cisco device, you can use Output Interpreter to display potential issues
UDP Ports 67 and 68 are to do with DHCP
UDP Port 138 deals with NetBIOS over IP (Microsoft)
You need to be careful when you do port scans and make sure you're on the same network as the router. Where did you perform your scan in relation to your router? This *may* be a false representation from your port scanner.