12-18-2007 12:11 PM - edited 02-20-2020 09:39 PM
Hi,
I configured a few voice routers that are directly exposed on the Internet. They have access-lists that deny all the SIP and H.323 traffic. When I'm scanning the router, for example with nmap (SYN scan), I get a message that the port is open (administratively filtered). I just want to deny any responses on those ports like the and hide my router at all. Is there a way to do that?
Thank you in advance.
Regards,
Zdravkov
12-18-2007 03:44 PM
You need to use the --packet-trace option of nmap to see what, if anything, is actually being returned by the router. By default, I believe Cisco routers will reply with a helpful ICMP message. You can filter outbound ICMP using an ACL. You may be able to selectively disable certain ICMP types via a more global setting too. Post this question to the firewall group with your router model and IOS version and you're sure to get a good response.
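An added configuration example, not written by either poster in this thread: IOS has an interface-level command, `no ip unreachables`, that stops the router from answering ACL-dropped packets with ICMP, shown here beside the default behaviour. The interface name, the ACL name and the port list (TCP 1720 for H.323 signalling, TCP/UDP 5060 for SIP) are assumptions.

```cisco
! Constructed example; GigabitEthernet0/0 and INTERNET-IN are assumed names.
!
ip access-list extended INTERNET-IN
 remark Drop H.323 call signalling and SIP arriving from the Internet
 deny   tcp any any eq 1720
 deny   tcp any any eq 5060
 deny   udp any any eq 5060
 remark Placeholder for the rest of the inbound policy
 permit ip any any
!
! Before: "ip unreachables" is the interface default, so a packet dropped by
! the ACL can be answered with ICMP type 3 code 13 (administratively
! prohibited). That reply is what a scanner reports as "filtered" by a device.
interface GigabitEthernet0/0
 ip access-group INTERNET-IN in
!
! After: stop generating ICMP unreachables on this interface, so denied
! packets are dropped without any reply.
interface GigabitEthernet0/0
 ip access-group INTERNET-IN in
 no ip unreachables
!
! Optional global setting: space out any unreachables still sent from other
! interfaces (interval in milliseconds).
ip icmp rate-limit unreachable 1000
```

`no ip unreachables` suppresses every ICMP unreachable type on that interface, including fragmentation-needed (type 3 code 4), so check path MTU discovery for transit traffic after applying it. Rerunning the scan with `--packet-trace` confirms whether any ICMP reply still comes back for the filtered ports.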
12-18-2007 11:58 PM
Thank you very much. If I don't find any better ideas I'm going to filter the outgoing ICMPs.
Regards