Disable tcp ports 1720, 2001, 6001, 9001 - how?

kstamandk · ‎08-12-2011

NERC CIP standards require us to disable unnecessary ports on routers. NMAP SCANs showing;

1720/tcp open H.323/Q.931

2001/tcp open dc

4001/tcp open unknown

6001/tcp open X11:1

9001/tcp open tor-orport

Can anyone point me or reply with commands to disable whatever service(s) is causing these to show as open?

2811 running c2800nm-advipservicesk9-mz.124-15.T3.bin

vmiller · ‎08-12-2011

Have you disabled these ports at the workstation/server level ?

How many routers do you have on your network ?

kstamandk · ‎08-12-2011

TCP Ports 2001, 6001, 9001 turned out to be due to the AUX port configuration. Changing the AUX port to TRANSPORT INPUT NONE corrected those.

Now, any ideas on 1720?

cadet alain · ‎08-13-2011

hi,

H.323 is VoIP control protocol. what IOS version are you running? Is this a voice gateway or gatekeeper?

Regards.

Alain.

Don't forget to rate helpful posts.

kstamandk · ‎08-13-2011

2811 running c2800nm-advipservicesk9-mz.124-15.T3.bin

Router is neither gateway or a gatekeeper, at least not by design. Out of the box, with a very basic configuration when we noticed tcp 1720.

Only configuration item we see is

voice-card 0

no dsparm

kstamandk · ‎09-07-2011

Turns out tcp 1720 was NOT open and it was a firewall that was answering on behalf of the router. Firewall rule updates corrected the issue.

Problem solved.