Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2417
Views
0
Helpful
5
Replies

ports (vulnerability scan)

Go to solution
gvega0009
Level 1
Level 1

‎10-06-2014 02:31 PM - edited ‎02-21-2020 05:18 AM

I ran a vulnerability scan on a 2960 switch and some "ports" (I don't even know if this is the right way to call them) showed being open or that needed to be reviewed. I really need to know what they are and if I need to keep them or need to get rid of them. How do you disable "ports" (I am not talking about the actual ports on the switch ex. gig1/0/1) on a cisco switch? The ports are 4786 tcp, 67 udp, 161 udp, 162 udp, 1975 udp, 2228 udp, and 49688 udp.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-06-2014 02:48 PM

udp/67 is bootp (used by DHCP). The switch listens on that port if it is either a DHCP server itself or is setup to provide "ip helper" service which is used to translate local segment end users broadcasts to a unicast packet which is then forwarded to your DHCP server elsewhere.

udp 161 and 162 are used by SNMP. Best practice has SNMP restricted to SNMP v3 (with authentication and privacy or encryption) and an access-list applied to define your permitted SNMP servers.

The high numbered ports are usually a sign that the device (or a user session on it) is logged into something remotely and that's the random port is selected from the >1024 range (sometimes known as "ephemeral" ports since they come and go somewhat at random) to use as its source port. As long as the session is open, the devices will be "listening" on that port for replies.

 

Good link for port number reference.

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to gvega0009

‎06-03-2015 08:58 AM

You're welcome.

Please rate or mark correct if it answers your question.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-06-2014 02:48 PM

udp/67 is bootp (used by DHCP). The switch listens on that port if it is either a DHCP server itself or is setup to provide "ip helper" service which is used to translate local segment end users broadcasts to a unicast packet which is then forwarded to your DHCP server elsewhere.

udp 161 and 162 are used by SNMP. Best practice has SNMP restricted to SNMP v3 (with authentication and privacy or encryption) and an access-list applied to define your permitted SNMP servers.

The high numbered ports are usually a sign that the device (or a user session on it) is logged into something remotely and that's the random port is selected from the >1024 range (sometimes known as "ephemeral" ports since they come and go somewhat at random) to use as its source port. As long as the session is open, the devices will be "listening" on that port for replies.

 

Good link for port number reference.

0 Helpful

Go to solution
gvega0009
Level 1
Level 1
In response to Marvin Rhoads

‎06-03-2015 08:57 AM

Thanks for your reply!

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to gvega0009

‎06-03-2015 08:58 AM

You're welcome.

Please rate or mark correct if it answers your question.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎10-06-2014 03:06 PM

The most effective way to disable those ports is on a firewall.

0 Helpful

Go to solution
gvega0009
Level 1
Level 1
In response to Leo Laohoo

‎06-03-2015 08:56 AM

Thanks for your reply!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card