c3900-universalk9-mz.spa.157-3.m3.bin blocked ports
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2018 03:30 PM - edited 03-05-2019 11:05 AM
Hello
I recently performed an ios upgrade to run c3900-universalk9-mz.spa.157-3.m3.bin and was wondering if it can be verified that by default this IOS version would block smb ports 135-139 & 445
I am aware of the potential security risk having these ports open however the client at this time requires this so when i upgraded to this IOS train connectivity failed which meant I had to revert the change back to the previous IOS -c3900-universalk9-mz.spa.151-4.m4.bin
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
- Labels:
-
Other Routers
-
Other Routing
-
vEdge Routers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2018 06:15 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2018 07:11 AM - edited 12-06-2018 07:12 AM
Hello Joseph
@Joseph W. Doherty wrote:
Paul, you're asking whether the later IOS blocks SMB port to transit traffic, by default? (Or did you mean those port on/to the router, itself? I would be surprised that a Cisco router would block any transit traffic, by default.)
Yes i am asking if the later IOS blocks those SMB ports by default due to its very high vulnerability factor.
I cannot seem to find any validation, it could be a buggy IOS which I would say Cisco TAC would be my next port of call.
Also due to the lack of any real testing environment and nature of the clients business I cannot test various ios so hence the post on here to try an obtain a definitive answer.
TBH its either a buggy software or its blocking it by default, As it cannot be anything else, a simple roll back to the older ios resolves the connectivity problem regards these ports.
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2018 07:36 AM
If you do have an active support contract, what you've encountered sounds like it's worth contacting Cisco TAC. If you do contact TAC, please, if possible, post what they have to say.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2018 08:00 AM - edited 12-06-2018 08:01 AM
Hello Joseph
Will do...
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
