Catalyst Block/Filtering CDP on ports

David Kondicz
Level 1

Hi all,

Is there any way to filter CDP through access ports on Catalyst switches? We have a virus on site which is searching for other devices through the CDP protocol or Mikrotik neighbour.

If I block MAC Protocol 800, packet type Broadcast in the Mikrotik bridge, I can stop the Ubiquiti virus.

But how to stop them through Catalyst switches on FTTA (fiber to the antenna) sites?

We are using Catalyst 3560X, 2960S.... LAN Base

Thank you

dave

3 Replies (Mark Malone's two replies below are the accepted solutions)

Mark Malone
VIP Alumni

Hi

Can you not turn off CDP on a per-port basis or globally (no cdp enable / no cdp run) until you remove the virus?

It uses 4224 TCP as well.

Hi Mark,

I don't think that is TCP.

I don't want to disable CDP on the port; I want to filter and deny it through the port, e.g. with an ACL on the Catalyst.

Like the filter rule in Mikrotik: MAC Protocol 800, packet type Broadcast - Drop

Dave

To be honest I never tried to block it like that. I've seen the port on a couple of websites as TCP 4224, but it seems unofficial.

Did you see this?

If your devices are Cisco switches you can apply a MAC access-list which will drop outgoing CDP packets, and because CDP uses ARPA code 0x200, the MAC access-list will contain: access-list 10 deny 0x2000

http://networkengineering.stackexchange.com/questions/8040/listen-only-stealth-cdp-on-ios

known port assignments and vulnerabilities

Port(s): 4224 tcp,udp
Service: applications
Details: A remote overflow exists in Xtell. The Xtelld daemon fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to port 4224, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. References: [BID-4193], [CVE-2002-0332]
Source: SG

Port(s): 4224 tcp
Details: Cisco CDP Cisco discovery Protocol (unofficial)
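Mark's two suggestions written out as Catalyst IOS configuration, added here as an example rather than taken from any post above; the interface numbers and the ACL name are assumptions. The ACL matches the CDP destination address 0100.0ccc.cccc, which a Catalyst MAC ACL can match directly, instead of the SNAP protocol ID 0x2000 quoted above.

```cisco
! Option A (Mark's first reply): stop CDP on the access ports only, so the
! antennas never exchange CDP with the switch, while uplinks keep CDP for
! management. The interface range is an assumption.
interface range GigabitEthernet0/1 - 24
 switchport mode access
 no cdp enable
!
! Global alternative while the site is being cleaned (loses CDP on uplinks too):
! no cdp run
!
! Option B (Mark's second reply, Dave's preference): a MAC port ACL that drops
! inbound CDP and nothing else. CDP frames are sent to the Cisco multicast
! address 0100.0ccc.cccc. The ACL name is an assumption.
mac access-list extended DROP-CDP-IN
 deny   any host 0100.0ccc.cccc
 permit any any
!
interface GigabitEthernet0/1
 mac access-group DROP-CDP-IN in
!
! Checks (port ACLs on the 2960S/3560X filter inbound frames only):
!   show cdp interface GigabitEthernet0/1
!   show mac access-group interface GigabitEthernet0/1
!   show access-lists DROP-CDP-IN        <- deny line should count matches
!   show cdp neighbors                   <- antenna entry should age out
```

Because 0100.0ccc.cccc also carries VTP, DTP, PAgP and UDLD, apply the ACL only on ports hard-set to access mode, and watch the ACE counters: if the deny line never increments, the platform is handling CDP before the port ACL sees it and Option A is the one that works.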
