08-12-2011 01:48 PM - edited 03-04-2019 01:16 PM
NERC CIP standards require us to disable unnecessary ports on routers. Nmap scans are showing:
1720/tcp open H.323/Q.931
2001/tcp open dc
4001/tcp open unknown
6001/tcp open X11:1
9001/tcp open tor-orport
Can anyone point me or reply with commands to disable whatever service(s) is causing these to show as open?
2811 running c2800nm-advipservicesk9-mz.124-15.T3.bin
08-12-2011 03:01 PM
Have you disabled these ports at the workstation/server level?
How many routers do you have on your network?
08-12-2011 07:40 PM
TCP Ports 2001, 6001, 9001 turned out to be due to the AUX port configuration. Changing the AUX port to TRANSPORT INPUT NONE corrected those.
Now, any ideas on 1720?
08-13-2011 05:52 AM
Hi,
H.323 is a VoIP control protocol. What IOS version are you running? Is this a voice gateway or gatekeeper?
Regards.
Alain.
08-13-2011 03:13 PM
2811 running c2800nm-advipservicesk9-mz.124-15.T3.bin
Router is neither a gateway nor a gatekeeper, at least not by design. It was out of the box, with a very basic configuration, when we noticed tcp 1720.
Only configuration item we see is
voice-card 0
 no dspfarm
09-07-2011 06:52 PM
Turns out tcp 1720 was NOT open and it was a firewall that was answering on behalf of the router. Firewall rule updates corrected the issue.
Problem solved.
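An added example, not part of the thread or any poster's code: a small audit that checks the AUX line's `transport input` setting in a saved running-config and sorts the scan's open ports into those the AUX line accounts for and those that still need another explanation (as 1720 did here). The configs are constructed, the AUX port being absolute line 1 is an assumption that matches the scan, and the 4000+n raw TCP range comes from IOS's documented reverse-connection ports rather than from the thread.

```python
import re

# IOS reverse-connection listeners are base + absolute line number. The thread
# ties 2001/6001/9001 to the AUX port; 4000+n (raw TCP) is added from IOS docs.
PORT_BASES = (2000, 4000, 6000, 9000)

# Scan output as posted in the thread.
SCAN = """\
1720/tcp open H.323/Q.931
2001/tcp open dc
4001/tcp open unknown
6001/tcp open X11:1
9001/tcp open tor-orport
"""

# Constructed configs (not from the thread): AUX before and after the fix.
CONFIG_BEFORE = "line con 0\nline aux 0\n transport input all\nline vty 0 4\n transport input ssh\n"
CONFIG_AFTER = CONFIG_BEFORE.replace("transport input all", "transport input none")

def aux_transport_input(config):
    """Return the protocol list under 'line aux', or None when not configured."""
    in_aux = False
    for raw in config.splitlines():
        if not raw.startswith(" "):          # unindented line opens a new section
            in_aux = re.match(r"line aux \d+", raw) is not None
        elif in_aux:
            m = re.match(r"\s+transport input (.+)", raw)
            if m:
                return m.group(1).split()
    return None

def aux_listener_ports(config, aux_line=1):
    """Ports the AUX line may answer on; aux_line=1 is an assumption matching the scan."""
    protocols = aux_transport_input(config)
    if protocols == ["none"]:
        return set()
    # 'all', a protocol list, or no statement (version-dependent default): flag conservatively.
    return {base + aux_line for base in PORT_BASES}

def classify_scan(scan, config):
    """Map each open TCP port in nmap-style output to 'aux' or 'unexplained'."""
    aux_ports = aux_listener_ports(config)
    result = {}
    for m in re.finditer(r"^(\d+)/tcp\s+open\b", scan, re.MULTILINE):
        port = int(m.group(1))
        result[port] = "aux" if port in aux_ports else "unexplained"
    return result

if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, classify_scan(SCAN, cfg))
```

A port that is still reported open and "unexplained" once the config shows `transport input none` points at something other than the router's line configuration, such as an intermediate device answering the probe.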