udp port 49

Answered Question
Apr 19th, 2007

Hi,

We recently ran a scan of some of our core routers and found UDP port 49 open on a Cisco 6509. Cisco docs mention xtacacs uses this port. Why is this port open? Which service is using it?

luqmankondeth Thu, 04/19/2007 - 08:44

To give an update,

I scanned more routers and all of them had UDP port 49 open. Interestingly, the first time I ran it on a certain router it wasn't open, but the second time I ran the same nmap, it was open!!!

Any ideas?

eofelt Thu, 04/19/2007 - 09:56

It's a UDP Broadcast Forwarding by Cisco's IP Helper.

If an IP helper address is specified and UDP forwarding is enabled, broadcast packets destined to the following port numbers are forwarded by default.

TACACS does use Port 49

HTH, Please rate

luqmankondeth Thu, 04/19/2007 - 10:50

Well, I thought so too in the beginning, but I've checked the configs of all routers for the helper address commands. I haven't found any...

Now, maybe I should disable directed broadcasts on that IP address and UDP forwarding, even though it's not configured to begin with...

eofelt Tue, 05/01/2007 - 05:56

Did that resolve your issue?

If so, please rate.

luqmankondeth Thu, 05/03/2007 - 05:38

I've finally come to the conclusion that it's TACACS, or rather Cisco's implementation of it (xtacacs), that uses UDP 49.

I found that only on routers enabled for AAA is port 49 open (all our AAA implementations use TACACS).

Though not all questions about this issue have been answered, I'm letting it rest for the moment.

Correct Answer
eofelt Thu, 05/03/2007 - 06:43

Good stuff!

I hope I helped in the right direction or at least confirmed what you already knew.
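
The two explanations raised in this thread (IP helper broadcast forwarding versus AAA with TACACS) can each be checked against a router's configuration. The following Python script is an added example, not part of the original thread: it scans constructed sample IOS configs for the relevant commands. The hostnames, addresses and the function names `audit_config` and `audit_all` are assumptions made for illustration.

```python
import re

# Constructed sample configs (not from the thread); names and addresses are made up.
SAMPLE_CONFIGS = {
    "rtr-a": """\
aaa new-model
tacacs-server host 192.0.2.10
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
""",
    "rtr-b": """\
interface Vlan20
 ip helper-address 192.0.2.53
""",
    "rtr-c": """\
no ip forward-protocol udp tacacs
interface Vlan30
 ip helper-address 192.0.2.53
""",
}

def audit_config(text):
    """Report which of the thread's two explanations for UDP/49 a config supports."""
    iface, helpers, tacacs_hosts = None, [], []
    aaa = fwd49_disabled = False
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            iface = None  # an unindented line ends interface sub-mode
        if raw.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif m := re.match(r"ip helper-address (.+)", line):
            helpers.append((iface, m.group(1)))
        elif m := re.match(r"tacacs-server host (\S+)", line):
            tacacs_hosts.append(m.group(1))
        elif line == "aaa new-model":
            aaa = True
        elif re.fullmatch(r"no ip forward-protocol udp( tacacs| 49)?", line):
            fwd49_disabled = True  # broadcast forwarding of port 49 turned off
    return {
        "helper_forwards_udp49": bool(helpers) and not fwd49_disabled,
        "helpers": helpers,
        "aaa_with_tacacs": aaa and bool(tacacs_hosts),
        "tacacs_hosts": tacacs_hosts,
    }

def audit_all(configs):
    return {name: audit_config(cfg) for name, cfg in configs.items()}

if __name__ == "__main__":
    for name, result in audit_all(SAMPLE_CONFIGS).items():
        print(name, result)
```

Comparing this output with the scan results per router shows whether the open port tracks helper addresses or AAA, which is the correlation described in the posts above.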
