The ACL is being applied to my WAN interface (hand-off from ISP). I've applied it using ip access-group <name> in.
I am performing the scan from an off-site location on the external IP address (WAN interface). The scan was done on TCP. Let me know if you need additional info.

Cheers,
abs

--- On Tue, 12/22/09, Steve Bertrand <st...@ibctech.ca> wrote:

From: Steve Bertrand <st...@ibctech.ca>
Subject: Re: [c-nsp] Port 1720 & 1863
To: "abs" <abhishak...@yahoo.com>
Cc: cisco-nsp@puck.nether.net
Date: Tuesday, December 22, 2009, 6:34 PM

abs wrote:
> ip access-list extended WANInBoundACL
>  permit udp any range bootps bootpc any range bootps bootpc
>  permit tcp any any established
>  permit udp any eq domain any
>  permit tcp any any eq 22
>  deny ip any any log
>
> When I run a port scan I see port 1720 as well as port 1863 open. Port 1863
> tends to open and close at random (don't understand why). I realize that I
> may need to add an explicit entry in the ACLs for port 1720 as the service
> runs by default given the version of IOS that I am running.
>
> What I am failing to understand is why the above 2 ports are open even though
> I have a deny all statement at the end of the ACL. Am I misunderstanding
> something? Would someone be able to point me in the right direction? Thank
> you in advance.

What interface do you have this ACL applied on, and how is it applied?

Further, where are you scanning from (connected to which interface), and
which address are you scanning? i.e. are you scanning the IP address of the
interface itself, or an address behind the interface the ACL is applied
against?

Is your scan UDP or TCP?

Steve

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
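Added example (editor's code, not from the thread and not Cisco's): a first-match evaluator for the WANInBoundACL posted above, run against a handful of constructed probe packets. It models only the IOS matching rules the thread depends on: entries are tested top to bottom, the first match decides, `established` matches TCP segments with the ACK or RST bit set, and an ACL ends in an implicit deny. The parser handles just the syntax the posted ACL uses (`any`/`host` addresses, `eq`/`range` ports, `established`, `log`); the scanner and router addresses are made up. What it shows: a SYN probe to 1720 or 1863 falls through to the final deny, while an ACK probe to any port is passed by the `established` line and a UDP packet with source port 53 is passed by the `eq domain` line, so how a scanner probes matters for reading its output.

```python
"""First-match evaluator for a Cisco-style extended ACL (added example, not IOS code)."""
from dataclasses import dataclass

# The ACL exactly as posted in the thread.
ACL_TEXT = """
permit udp any range bootps bootpc any range bootps bootpc
permit tcp any any established
permit udp any eq domain any
permit tcp any any eq 22
deny ip any any log
"""

# IOS port keywords used in the ACL, mapped to their well-known numbers.
PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53, "ssh": 22}


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"ACK"}


@dataclass
class Entry:
    action: str
    proto: str
    src: str
    sports: tuple      # (lo, hi) or None for "any port"
    dst: str
    dports: tuple
    established: bool
    log: bool
    text: str


def _port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _addr(t, i):
    """Consume 'any' or 'host A.B.C.D'; return (spec, next index)."""
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    raise ValueError(f"unsupported address spec {t[i]!r}")


def _ports(t, i):
    """Consume an optional 'eq X' or 'range A B'; return (range or None, next index)."""
    if i < len(t) and t[i] == "eq":
        p = _port(t[i + 1])
        return (p, p), i + 2
    if i < len(t) and t[i] == "range":
        return (_port(t[i + 1]), _port(t[i + 2])), i + 3
    return None, i


def parse_acl(text):
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        action, proto = t[0], t[1]
        src, i = _addr(t, 2)
        sports, i = _ports(t, i)
        dst, i = _addr(t, i)
        dports, i = _ports(t, i)
        opts = set(t[i:])
        entries.append(Entry(action, proto, src, sports, dst, dports,
                             "established" in opts, "log" in opts, line))
    return entries


def _in_range(rng, port):
    return rng is None or rng[0] <= port <= rng[1]


def matches(e, p):
    if e.proto not in ("ip", p.proto):
        return False
    if e.src not in ("any", p.src) or e.dst not in ("any", p.dst):
        return False
    if not (_in_range(e.sports, p.sport) and _in_range(e.dports, p.dport)):
        return False
    # IOS "established": ACK or RST bit set. A bare SYN never matches.
    if e.established and not (p.flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(entries, p):
    """Return (action, 1-based entry number) of the first match, or the implicit deny."""
    for n, e in enumerate(entries, 1):
        if matches(e, p):
            return e.action, n
    return "deny", len(entries) + 1


ENTRIES = parse_acl(ACL_TEXT)
SCANNER, ROUTER = "198.51.100.10", "203.0.113.1"   # constructed TEST-NET addresses

PROBES = {  # constructed probes, all aimed at the WAN interface address
    "syn_1720": Packet("tcp", SCANNER, 40000, ROUTER, 1720, frozenset({"SYN"})),
    "syn_1863": Packet("tcp", SCANNER, 40000, ROUTER, 1863, frozenset({"SYN"})),
    "ack_1720": Packet("tcp", SCANNER, 40000, ROUTER, 1720, frozenset({"ACK"})),
    "syn_22": Packet("tcp", SCANNER, 40000, ROUTER, 22, frozenset({"SYN"})),
    "udp_from_53_to_1720": Packet("udp", SCANNER, 53, ROUTER, 1720),
    "udp_to_53": Packet("udp", SCANNER, 40000, ROUTER, 53),
}


def verdicts():
    return {name: evaluate(ENTRIES, p) for name, p in PROBES.items()}


if __name__ == "__main__":
    for name, (action, n) in verdicts().items():
        text = ENTRIES[n - 1].text if n <= len(ENTRIES) else "(implicit deny)"
        print(f"{name:22s} -> {action:6s} by entry {n}: {text}")
```

The point to take from the run is that a SYN-based scan and an ACK-based scan get different answers from the same ACL: the `established` line passes any ACK or RST probe, so an ACK scan reports every port as unfiltered, and `permit udp any eq domain any` keys on the source port, so anything sent from UDP/53 passes regardless of destination port.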