2901 Configuration Question

davidk
Level 1

Let me start by saying I am not an expert in configuring Cisco routers. I'm trying to figure out what service or setting I have enabled in my config that is allowing the open ports on a Cisco 2901 router. The router is a passthrough to a firewall, so I do not want any ports open on the public side. Any help would be appreciated!

NMAP results below:

PORT STATE SERVICE

25/tcp filtered smtp

465/tcp filtered smtps

1099/tcp filtered rmiregistry

3369/tcp filtered satvid-datalnk

8873/tcp filtered dxspider

Basic Config:

This is the running config of the router: xxxxx

----------------------------------------------------------------------------
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
enable secret 5 xxx
enable password 7 xxxx
!
no aaa new-model
clock timezone PCTime -5 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
no ip bootp server
ip domain name xxxx.com
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid xx sn xx
!
!
!
!
ip tcp synwait-time 10
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
!
interface GigabitEthernet0/0
 description $ES_LAN$
 ip address xxxxx 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 description $ES_WAN$
 ip address xxxxx 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 xxxxxx
!
logging trap debugging
dialer-list 1 protocol ip permit
!
no cdp run
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output none
 stopbits 1
line vty 0 4
 password XXX
 no login
 transport input none
 transport output none
!
scheduler allocate 20000 1000
end

7 Replies

paulstone80
Level 3

Hi David,

As there are no ACLs applied to any of the interfaces, the router will not be performing any traffic filtering, so it will allow everything through that it has a matching route for.

HTH


Paul



****Please rate useful posts****

That makes sense. My only concern is with my nmap results below: I read that as someone could connect to ports 25, 465, etc. on the router and attempt altering the configuration, vs. traffic just passing through. Am I not interpreting this correctly? Thanks for the feedback.

25/tcp filtered smtp

465/tcp filtered smtps

1099/tcp filtered rmiregistry

3369/tcp filtered satvid-datalnk

8873/tcp filtered dxspider

When you run nmap, are you targeting an IP on one of the router's interfaces?

HTH

Paul



****Please rate useful posts****

Yes, the public-facing WAN.

Sorry, that was for the LAN interface, which is why I was surprised at the results. On the WAN side it looks like only SMTP is open.

PORT STATE SERVICE

25/tcp filtered smtp

Ah ok. If you run 'show control-plane host open-ports' you'll see what service/process on the router has the ports opened.

You can also use 'show ip sockets' but it does not show the process/service.

HTH

Paul



****Please rate useful posts****
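The cross-check the two commands above make possible, as an added example that is not part of this thread: it parses an nmap table of the kind pasted earlier together with 'show control-plane host open-ports' output and says, per port, whether an open or filtered result is actually evidence of a listener on the router itself. Both samples are constructed and the IOS column layout is approximated from memory, so adjust the regex if your output differs.

```python
import re

# Constructed samples: an nmap PORT/STATE/SERVICE table (same shape as the paste above)
# and output approximating 'show control-plane host open-ports' (real layout may differ).
NMAP_OUTPUT = """\
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
3369/tcp closed   satvid-datalnk
"""
OPEN_PORTS_OUTPUT = """\
Prot        Local Address      Foreign Address                  Service    State
tcp                *:22                  *:0               SSH-Server   LISTEN
udp               *:161                  *:0                     SNMP   LISTEN
"""

NMAP_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")
IOS_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+\S+\s+(.+?)\s+LISTEN$")
MEANING = {"open": "listener answered the probe",
           "closed": "host answered with RST, no listener",
           "filtered": "no reply or ICMP prohibited; dropped somewhere, not proof of a listener"}

def parse_nmap(text):
    """Map (proto, port) -> nmap state from the PORT STATE SERVICE table."""
    return {(m[2], int(m[1])): m[3] for m in map(NMAP_RE.match, text.splitlines()) if m}

def parse_open_ports(text):
    """Map (proto, port) -> (bound address, service) for the router's own listeners."""
    lines = (l.strip() for l in text.splitlines())
    return {(m[1], int(m[3])): (m[2], m[4]) for m in map(IOS_RE.match, lines) if m}

def triage(nmap_text, ios_text):
    """Cross-check each scanned port against what the router itself is listening on."""
    scan, listeners = parse_nmap(nmap_text), parse_open_ports(ios_text)
    report = {}
    for key, state in scan.items():
        meaning = MEANING.get(state.split("|")[0], "unrecognised state")
        if key in listeners:
            addr, svc = listeners[key]
            owner = f"router process {svc} bound to {addr}"
        elif state == "open":
            owner = "no router process listens here; check for NAT/forwarding or another device in the path"
        else:
            owner = "no router process on this port"
        report[key] = f"{meaning}; {owner}"
    for key in listeners.keys() - scan.keys():  # e.g. UDP listeners a TCP scan never probed
        report[key] = "router listener not covered by this scan"
    return report
```

Calling triage(NMAP_OUTPUT, OPEN_PORTS_OUTPUT) returns one verdict per port; the filtered 25/tcp result resolves to "no router process on this port", which is the distinction the question turns on.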

My concern is I had a company set up the device and I want to make sure it's not exposed. Do you see anything that poses a vulnerability?
