Do you really need "permit tcp any any established" or can you be more specific? I'd bet that is causing what you are seeing.

Adam.

----- Original Message ----- From: "abs" <abhishak...@yahoo.com> To: "Steve Bertrand" <st...@ibctech.ca>; "Jared Mauch" <ja...@puck.nether.net>
Cc: <cisco-nsp@puck.nether.net>
Sent: Wednesday, December 23, 2009 12:02 AM
Subject: Re: [c-nsp] Port 1720 & 1863


I tried what you mentioned; that did not seem to close the port. I also tried the following in the config, but that didn't seem to work either:

voice service voip
shutdown

any other thoughts?

--- On Tue, 12/22/09, Jared Mauch <ja...@puck.nether.net> wrote:

From: Jared Mauch <ja...@puck.nether.net>
Subject: Re: [c-nsp] Port 1720 & 1863
To: "Steve Bertrand" <st...@ibctech.ca>
Cc: "abs" <abhishak...@yahoo.com>, cisco-nsp@puck.nether.net
Date: Tuesday, December 22, 2009, 6:38 PM

You can close h.323 (1720) with a config like:

!
voice service voip
h323
call service stop
!

- Jared

On Dec 22, 2009, at 6:34 PM, Steve Bertrand wrote:

abs wrote:

ip access-list extended WANInBoundACL
permit udp any range bootps bootpc any range bootps bootpc
permit tcp any any established
permit udp any eq domain any
permit tcp any any eq 22
deny ip any any log

When I run a port scan I see port 1720 as well as port 1863 open. Port 1863 tends to open and close at random (don't understand why). I realize that I may need to add an explicit entry in the ACLs for port 1720, as the service runs by default given the version of IOS that I am running.

What I am failing to understand is why the above 2 ports are open even though I have a deny all statement at the end of the ACL. Am I misunderstanding something? Would someone be able to point me in the right direction? Thank you in advance.

What interface do you have this ACL applied on, and how is it applied?

Further, where are you scanning from (connected to which interface), and
which address are you scanning? i.e. are you scanning the IP address of
the interface itself, or an address behind the interface the ACL is
applied against?

Is your scan UDP or TCP?

Steve
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
