Catalyst Block/Filtering CDP on ports

David Kondicz
Level 1

Hi all,

Is there any way to filter CDP through access ports on Catalyst switches? We have a virus on site which is searching for other devices through the CDP protocol or MikroTik neighbour.

If I block MAC Protocol 800, packet type Broadcast in the MikroTik bridge, I can stop the UBIQUITY virus.

But how to stop them through Catalyst switches on FTTA - fiber to the antenna sites?

We are using Catalyst 3560X, 2960S... LAN Base.

Thank you

dave


3 Replies

Mark Malone
VIP Alumni

Hi

Can you not turn off CDP on a per-port basis or globally (no cdp enable / no cdp run) until you remove the virus?

It uses 4224 TCP as well.

Hi Mark,

I don't think that is TCP.

I don't want to disable CDP on the port, I want to filter and deny it through the port, e.g. with an ACL in Catalyst.

Like the filter rule in MikroTik: MAC Protocol 800, packet type Broadcast - Drop

Dave

To be honest I never tried to block it like that. I've seen the port on a couple of websites as TCP 4224 but it seems unofficial.

Did you see this?

If your devices are Cisco switches you can apply a MAC access-list which will drop outgoing CDP packets, and because CDP uses ARPA code 0x200, the MAC access-list will contain: access-list 10 deny 0x2000

http://networkengineering.stackexchange.com/questions/8040/listen-only-stealth-cdp-on-ios

Known port assignments and vulnerabilities (port lookup result for 4224):

Port(s): 4224 tcp,udp | Service: applications | Source: SG
Details: A remote overflow exists in Xtell. The Xtelld daemon fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request to port 4224, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
References: [BID-4193], [CVE-2002-0332]

Port(s): 4224 tcp | Service: Cisco CDP
Details: Cisco Discovery Protocol (unofficial)
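As an added illustration (not code from this thread, from Cisco, or from MikroTik), the Python classifier below decodes the header fields that the two filters discussed here actually match on: the MikroTik rule matches Ethernet II frames with EtherType 0x0800 (IPv4) sent to the broadcast MAC, whereas CDP is an 802.3 frame with an LLC/SNAP header carrying the Cisco OUI and protocol ID 0x2000 (the 0x2000 in the quoted ACL), sent to 01:00:0C:CC:CC:CC, so it has no EtherType and no TCP port to match. The sample frames are hand-constructed.

```python
import struct

# Constants from the CDP frame format and Ethernet standards (not from the thread's configs)
CDP_DST_MAC = bytes.fromhex("01000ccccccc")  # Cisco multicast MAC used by CDP (also VTP/DTP/PAgP/UDLD)
CISCO_OUI = bytes.fromhex("00000c")          # OUI carried in the SNAP header of a CDP frame
CDP_SNAP_PROTO = 0x2000                      # SNAP protocol ID of CDP
ETHERTYPE_IPV4 = 0x0800                      # the "MAC Protocol 800" of the MikroTik bridge rule
BROADCAST_MAC = b"\xff" * 6

def classify_frame(frame: bytes) -> dict:
    """Decode the fields a MAC-layer filter sees for one raw Ethernet frame.

    Ethernet II carries an EtherType (>= 0x0600) at offset 12; 802.3 carries a
    length there followed by an LLC header, and CDP is 802.3 + LLC/SNAP.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst.hex(":"), "broadcast": dst == BROADCAST_MAC,
            "ethertype": None, "snap_proto": None, "is_cdp": False}
    if type_or_len >= 0x0600:
        info["ethertype"] = type_or_len
        return info
    # 802.3: LLC = DSAP, SSAP, control; 0xAA/0xAA/0x03 means a SNAP header follows
    if len(frame) >= 22 and frame[14:17] == b"\xaa\xaa\x03":
        oui, proto = frame[17:20], struct.unpack("!H", frame[20:22])[0]
        info["snap_proto"] = proto
        info["is_cdp"] = dst == CDP_DST_MAC and oui == CISCO_OUI and proto == CDP_SNAP_PROTO
    return info

def filter_action(frame: bytes) -> str:
    """Apply the two drop rules discussed in the thread; anything else is forwarded."""
    info = classify_frame(frame)
    if info["is_cdp"]:
        return "drop-cdp"
    if info["ethertype"] == ETHERTYPE_IPV4 and info["broadcast"]:
        return "drop-ipv4-broadcast"
    return "forward"

# Constructed sample frames (hand-built for this example, not captured traffic)
SRC = bytes.fromhex("001122334455")
CDP_PAYLOAD = (b"\xaa\xaa\x03" + CISCO_OUI + b"\x20\x00"        # LLC + SNAP(OUI, 0x2000)
               + b"\x02\xb4\x00\x00" + b"\x00\x01\x00\x07sw1")  # CDP v2, TTL 180, Device-ID TLV
CDP_FRAME = CDP_DST_MAC + SRC + struct.pack("!H", len(CDP_PAYLOAD)) + CDP_PAYLOAD
IPV4_BCAST_FRAME = BROADCAST_MAC + SRC + b"\x08\x00" + b"\x45\x00\x00\x14" + b"\x00" * 16
STP_FRAME = bytes.fromhex("0180c2000000") + SRC + b"\x00\x26" + b"\x42\x42\x03" + b"\x00" * 35

if __name__ == "__main__":
    for name, f in [("cdp", CDP_FRAME), ("ipv4-bcast", IPV4_BCAST_FRAME), ("stp", STP_FRAME)]:
        print(name, filter_action(f), classify_frame(f))
```

Note that the STP BPDU is also an 802.3/LLC frame but not SNAP, so a filter keyed on the CDP multicast MAC plus SNAP protocol 0x2000 leaves it alone.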
