02-22-2013 06:30 AM - edited 03-04-2019 07:06 PM
Let me start by saying I am not an expert in configuring Cisco routers. I'm trying to figure out what service or what I have enabled in my config allowing the open ports on a 2901 cisco router. The router is a passthrough to a firewall so I do not want any ports open on the public side. Any help would be appreciated!
NMAP results below:
PORT STATE SERVICE
25/tcp filtered smtp
465/tcp filtered smtps
1099/tcp filtered rmiregistry
3369/tcp filtered satvid-datalnk
8873/tcp filtered dxspider
Basic Config:
This is the running config of the router: xxxxx
----------------------------------------------------------------------------
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
enable secret 5 xxx
enable password 7 xxxx
!
no aaa new-model
clock timezone PCTime -5 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
no ip bootp server
ip domain name xxxx.com
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid xx sn xx
!
!
!
!
ip tcp synwait-time 10
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
!
interface GigabitEthernet0/0
 description $ES_LAN$
 ip address xxxxx 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 description $ES_WAN$
 ip address xxxxx 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 xxxxxx
!
logging trap debugging
dialer-list 1 protocol ip permit
!
no cdp run
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output none
 stopbits 1
line vty 0 4
 password XXX
 no login
 transport input none
 transport output none
!
scheduler allocate 20000 1000
end
02-22-2013 06:52 AM
Hi David,
As there are no ACLs applied to any of the interfaces, the router will not be performing any traffic filtering, so it will allow everything through that it has a matching route for.
HTH
Paul
****Please rate useful posts****
02-22-2013 07:00 AM
That makes sense. My only concern is that, with my nmap results below, I read that as someone could connect to ports 25, 465, etc. on the router and attempt altering the configuration, etc., vs. traffic just passing through. Am I not interpreting this correctly? Thanks for the feedback.
25/tcp filtered smtp
465/tcp filtered smtps
1099/tcp filtered rmiregistry
3369/tcp filtered satvid-datalnk
8873/tcp filtered dxspider
02-22-2013 07:07 AM
When you run nmap, are you targeting an IP on one of the router's interfaces?
HTH
Paul
****Please rate useful posts****
02-22-2013 07:10 AM
Yes, the public-facing WAN.
02-22-2013 07:29 AM
Sorry, that was for the LAN interface; I was surprised at the results. On the WAN side it looks like only SMTP is open.
PORT STATE SERVICE
25/tcp filtered smtp
02-22-2013 07:32 AM
Ah, ok. If you run 'show control-plane host open-ports' you'll see what service/process on the router has the ports opened.
You can also use 'show ip sockets' but it does not show the process/service.
HTH
Paul
****Please rate useful posts****
02-22-2013 07:39 AM
My concern is I had a company set up the device and I want to make sure it's not exposed. Do you see anything that poses a vulnerability?
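A configuration example added here, not taken from the thread or from Cisco: Paul notes above that no ACLs are applied to any interface, so the router passes (and itself answers) whatever it has a route for. Two things worth separating first: Nmap reports a port as "filtered" when it gets no reply to its probe at all, so it cannot tell whether anything is listening, and "open" is the state that would indicate a reachable listener; and 'show control-plane host open-ports' (the command Paul suggests) is what tells you which listeners the router itself has. Independently of that, an inbound access list on the WAN interface is the usual way to make sure nothing on the Internet can address the router itself while transit traffic to the firewall keeps flowing. The example assumes 198.51.100.2 stands in for the masked address of GigabitEthernet0/1 ($ES_WAN$), and the list name WAN-IN is an arbitrary choice.

```cisco
! Added example, not part of the original thread.
! Assumption: 198.51.100.2 is a placeholder for the real (masked) WAN address
! configured on GigabitEthernet0/1 ($ES_WAN$). Replace it before use.
ip access-list extended WAN-IN
 remark Drop packets arriving from the Internet with private or loopback sources
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 remark Let the router itself be pinged and receive ping/traceroute replies
 permit icmp any host 198.51.100.2 echo
 permit icmp any host 198.51.100.2 echo-reply
 permit icmp any host 198.51.100.2 ttl-exceeded
 permit icmp any host 198.51.100.2 unreachable
 remark Nothing else may be addressed to the router's own WAN address; log attempts
 deny   ip any host 198.51.100.2 log
 remark Everything else is transit traffic for the firewall behind GigabitEthernet0/0
 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group WAN-IN in
!
```

Apply it from configuration mode; 'show ip access-lists WAN-IN' then shows a hit count per entry, so the logged deny line tells you whether anything is actually being aimed at the router. Note that the posted config already has 'transport input none' on line vty 0 4, so no remote login is reachable through the vty lines as it stands; if remote management is enabled later, pair it with an 'access-class' on those lines rather than relying on the interface ACL alone.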