09-26-2006 07:18 PM - edited 03-03-2019 02:08 PM
Our company owns a Cisco 2821 router. Doing an nmap scan on the router shows 2 open ports, TCP ports 5060 and 1720. Can I stop the services listening on those ports? Any advice is appreciated.
Thank you.
09-26-2006 09:49 PM
Please follow the link below to apply the access control to the interface that is scanned by nmap. However, you have to ensure there is no application using these ports and no impact to the production network.
e.g.
access-list 101 deny tcp any any eq 1720
access-list 101 deny tcp any any eq 5060
access-list 101 permit ip any any
interface ethernet 0
ip access-group 101 in
TCP 1720 is used by H.323 & H.255; TCP 5060 is used by IP Phone Call Manager SIP.
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801a62b9.shtml
Hope this helps.
09-26-2006 10:08 PM
Thanks for the advice. I am attempting to harden the routers, therefore I need to stop those services on the router. Although an access list could do the job, that would mean I have one more access list to maintain.
Is there a way to disable those services?
09-26-2006 11:08 PM
Sorry, I have not used nmap before, so I don't know how it works or how it scans ports.
However, the router by default opens all ports, so using an ACL to limit access is required. The router by default does not have such services (H.323 & SIP) enabled, but it does allow that traffic to pass through, so if we want to avoid attacks via those ports, we have to block them using an ACL.
Hope this helps.
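The ACL in the replies above uses `deny tcp any any`, which on an inbound interface ACL also drops H.323/SIP signalling that merely transits the router. The following is an added example, not configuration from the thread or from Cisco, that scopes the deny to the router's own interface address so only traffic aimed at the router itself is blocked, and adds `log` so blocked probes show up in syslog. It assumes 192.0.2.1 as the router's interface address and GigabitEthernet0/0 as the scanned interface (both placeholders), and it also covers UDP 5060, which SIP uses alongside TCP.

```cisco
! Added example (not from the thread). Named extended ACL that protects the
! router's own address only; transit VoIP signalling is left untouched.
! 192.0.2.1 is an assumed placeholder for the router's interface address.
ip access-list extended PROTECT-ROUTER
 deny   tcp any host 192.0.2.1 eq 1720 log
 deny   tcp any host 192.0.2.1 eq 5060 log
 deny   udp any host 192.0.2.1 eq 5060 log
 permit ip any any
!
! GigabitEthernet0/0 is an assumed placeholder for the scanned interface.
interface GigabitEthernet0/0
 ip access-group PROTECT-ROUTER in
```

After applying it, `show access-lists PROTECT-ROUTER` shows per-entry hit counts, which is a quick way to confirm a repeat nmap scan is being dropped and to see whether anything legitimate was hitting those ports.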