Css allow access on tcp port 12176

wilson_1234_2 · ‎10-02-2007

We recently had a penetration test and the CSS was flagged as port 12176 being open on the interface of the CSS device itself.

What is this port used for?

Gilles Dufour · ‎10-02-2007

that's not the CSS.

From my lab:

[root@linux-1 cisco]# !tel

telnet 192.168.30.120 12176

Trying 192.168.30.120...

0.000000 192.168.30.48 -> 192.168.30.120 TCP 4306 > 12176 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1818741423 TSER=0 WS=0

2.995762 192.168.30.48 -> 192.168.30.120 TCP 4306 > 12176 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1818741723 TSER=0 WS=0

8.995756 192.168.30.48 -> 192.168.30.120 TCP 4306 > 12176 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1818742323 TSER=0 WS=0

[root@linux-1 cisco]#

wilson_1234_2 · ‎10-03-2007

Thanks for the reply.

Just to learn something:

Are you verifying this by there being no "ack" in the attempt to connect on that port?

Gilles Dufour · ‎10-03-2007

indeed, the SYN stays unanswered by the CSS.

As opposed to a telnet to an open port :

[root@linux-1 cisco]# telnet 192.168.30.120

Trying 192.168.30.120...

Connected to 192.168.30.120 (192.168.30.120).

Escape character is '^]'.

0.000000 192.168.30.48 -> 192.168.30.120 TCP 4311 > telnet [SYN] Seq=0 Ack=0 W in=5840 Len=0 MSS=1460 TSV=1820838209 TSER=0 WS=0

0.001906 192.168.30.120 -> 192.168.30.48 TCP telnet > 4311 [SYN, ACK] Seq=0 Ac k=1 Win=8192 Len=0 MSS=1460

wilson_1234_2 · ‎10-03-2007

Thanks!