Beginner

Catalyst Block/Filtering CDP on ports

Hi all,

Is there any way to filter CDP through access ports on Catalyst switches? We have a virus on site which is searching for other devices through the CDP protocol or MikroTik neighbour.

If I block MAC Protocol 800, packet type Broadcast in the MikroTik bridge, I can stop the Ubiquiti virus.

But how to stop them through Catalyst switches on FTTA (fiber to the antenna) sites?

We are using Catalyst 3560X, 2960S... LAN Base.

Thank you

dave

3 REPLIES
VIP Mentor

Hi

Can you not turn off CDP on a per-port basis or globally (no cdp enable / no cdp run) until you remove the virus?

It uses 4224 TCP as well.

Beginner

Hi Mark,

I don't think that is TCP.

I don't want to disable CDP on the port; I want to filter and deny it through the port, e.g. with an ACL in the Catalyst.

Like the filter rule in MikroTik: MAC Protocol 800, packet type Broadcast - Drop.

Dave

VIP Mentor

To be honest, never tried to block it like that. I've seen the port on a couple of websites as TCP 4224, but it seems unofficial.

Did you see this?

If your devices are Cisco switches you can apply a MAC access-list which will drop outgoing CDP packets, and because CDP uses ARPA code 0x200, the MAC access-list will contain: access-list 10 deny 0x2000

http://networkengineering.stackexchange.com/questions/8040/listen-only-stealth-cdp-on-ios

Known port assignments and vulnerabilities:

Port(s) | Protocol | Service      | Details                                                                                                                                                                                                                                                          | Source
4224    | tcp,udp  | applications | A remote overflow exists in Xtell. The Xtelld daemon fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to port 4224, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. References: [BID-4193], [CVE-2002-0332] | SG
4224    | tcp      | Cisco CDP    | Cisco Discovery Protocol (unofficial)                                                                                                                                                                                                                             |
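The 0x2000 value the MAC ACL answer above refers to is the SNAP protocol id of CDP, which travels in 802.3 frames addressed to 01:00:0C:CC:CC:CC with an LLC/SNAP header carrying the Cisco OUI 00:00:0C; the following added Python example (not from this thread or from Cisco) classifies frames on exactly those fields and lists which source MACs on a segment are advertising themselves over CDP, which is a useful check before and after applying a filter. The TLV type numbers are the standard CDP ones; the MAC addresses and host names in SAMPLE_FRAMES are constructed test data.

```python
import struct

CDP_DST_MAC = bytes.fromhex("01000ccccccc")  # multicast destination CDP uses
CISCO_OUI = bytes.fromhex("00000c")
CDP_SNAP_PID = 0x2000  # SNAP protocol id after the OUI, not an Ethertype
TLV_DEVICE_ID, TLV_PORT_ID = 0x0001, 0x0003

def is_cdp_frame(frame: bytes) -> bool:
    """True if the frame is 802.3 + LLC/SNAP with Cisco OUI and PID 0x2000."""
    if len(frame) < 22 or frame[:6] != CDP_DST_MAC:
        return False
    if struct.unpack("!H", frame[12:14])[0] > 1500:
        return False  # Ethernet II frame (real Ethertype), cannot be CDP
    llc_snap = frame[14:22]
    return llc_snap[:3] == b"\xaa\xaa\x03" and llc_snap[3:6] == CISCO_OUI \
        and struct.unpack("!H", llc_snap[6:8])[0] == CDP_SNAP_PID

def parse_cdp_tlvs(frame: bytes) -> dict:
    """Walk the CDP TLV list; stops at a bad length instead of looping."""
    payload = frame[22:]
    tlvs, off = {}, 4  # skip version, ttl and checksum
    while off + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack("!HH", payload[off:off + 4])
        if tlv_len < 4 or off + tlv_len > len(payload):
            break  # malformed or truncated TLV
        tlvs[tlv_type] = payload[off + 4:off + tlv_len]
        off += tlv_len
    return tlvs

def cdp_speakers(frames):
    """Map source MAC -> advertised device id for every CDP frame seen."""
    found = {}
    for f in frames:
        if is_cdp_frame(f):
            tlvs = parse_cdp_tlvs(f)
            found[f[6:12].hex(":")] = tlvs.get(TLV_DEVICE_ID, b"?").decode(errors="replace")
    return found

def build_cdp_frame(src: bytes, device_id: str, port_id: str) -> bytes:
    """Constructed sample only: a minimal CDPv2 advertisement for testing."""
    body = struct.pack("!BBH", 2, 180, 0)  # version 2, ttl 180 s, checksum left 0
    for t, v in ((TLV_DEVICE_ID, device_id), (TLV_PORT_ID, port_id)):
        body += struct.pack("!HH", t, 4 + len(v)) + v.encode()
    snap = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", CDP_SNAP_PID)
    return CDP_DST_MAC + src + struct.pack("!H", len(snap) + len(body)) + snap + body

# Constructed capture: one CDP advertisement and one plain IPv4 broadcast (ignored).
SAMPLE_FRAMES = [
    build_cdp_frame(bytes.fromhex("001122334455"), "lab-host-01", "eth0"),
    bytes.fromhex("ffffffffffff" "00aabbccddee" "0800") + b"\x45" + b"\x00" * 27,
]
```

Feed it raw Ethernet frames from a span-port capture (for example via a pcap reader) to see which hosts are the CDP talkers.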
