Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
902
Views
0
Helpful
4
Replies

c3900-universalk9-mz.spa.157-3.m3.bin blocked ports

paul driver
VIP
VIP

‎12-05-2018 03:30 PM - edited ‎03-05-2019 11:05 AM

Hello

I recently performed an ios upgrade to run  c3900-universalk9-mz.spa.157-3.m3.bin and was wondering if it can be verified that by default this IOS version would block smb ports 135-139 & 445 

 

I am aware of the potential security risk having these ports open however the client at this time requires this so when i upgraded to this IOS train connectivity failed which meant I had to revert the change back to the previous IOS  -c3900-universalk9-mz.spa.151-4.m4.bin

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
4 Replies 4

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎12-06-2018 06:15 AM

Paul, you're asking whether the later IOS blocks SMB port to transit traffic, by default? (Or did you mean those port on/to the router, itself? I would be surprised that a Cisco router would block any transit traffic, by default.)
0 Helpful

paul driver
VIP
VIP
In response to Joseph W. Doherty

‎12-06-2018 07:11 AM - edited ‎12-06-2018 07:12 AM

Hello Joseph

@Joseph W. Doherty wrote:
Paul, you're asking whether the later IOS blocks SMB port to transit traffic, by default? (Or did you mean those port on/to the router, itself? I would be surprised that a Cisco router would block any transit traffic, by default.)

Yes i am asking if the later IOS blocks those SMB ports by default due to its very high vulnerability factor. 
I cannot seem to find any validation, it could be a buggy IOS which I would say Cisco TAC would be my next port of call.

 

Also due to the lack of any real testing environment and nature of the clients business I cannot test various ios so hence the post on here to try an obtain a definitive answer.

TBH its either a buggy software or its blocking it by default, As it cannot be anything else, a simple roll back to the older ios resolves the connectivity problem regards these ports.

 

 

 

 

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to paul driver

‎12-06-2018 07:36 AM

Paul, I don't know whether later Cisco IOSs, by default, block some transit traffic ports, but if they do, I would be surprised if they do.

If you do have an active support contract, what you've encountered sounds like it's worth contacting Cisco TAC. If you do contact TAC, please, if possible, post what they have to say.
0 Helpful

paul driver
VIP
VIP
In response to Joseph W. Doherty

‎12-06-2018 08:00 AM - edited ‎12-06-2018 08:01 AM

Hello Joseph

Will do...


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card