On my Cisco Router, I do an nmap from outside on the Internet. The result is:
Interesting ports on *.*.50.1:
Not shown: 1676 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
135/tcp filtered msrpc
1524/tcp filtered ingreslock
27665/tcp filtered Trinoo_Master
I am worried about the last two entries. The last nmap was done in Feb this year and I have confirmed that the two ports did not exist.
Though the state "filtered" is a solace, I am still concerned. How can I be sure that the system has not been compromised?
Also the current IOS Version on my Router is 12.4. It was the same case when I was using older v 12.2 on another router, so I thought maybe, it's an IOS issue and I upgraded my Router to 2811 with IOS v 12.4.
But as soon as I plugged it into the circuit, I realised the nmap again gives the trinoo_master entry with state as filtered.
Where could the problem lie? Is it with my firewall configuration behind the router?
Yes, I know that. But the port wasn't even getting listed when I ran the nmap a few months ago and since then, no changes have taken place, so why does it get listed now? How can I stop it from being listed while I do nmap?
My guess is that your ISP may be blocking those ports due to abuse. I know some ISPs such as COX block a lot of ports to home users, and that's how it shows up. It could mean that you added an ACL on your border router to block those ports, but since it sounds like nothing changed I am guessing it's an ISP in the middle. Where are you scanning from? If it's a home connection, the same applies. Maybe your home provider is blocking the outbound traffic.
If you would like, I could try a scan from my host. If you want me to try, reply and I will e-mail your profile address.
I sent you an e-mail. Are you saying you are scanning from right outside the router scanning to the router? I assumed you were scanning from another Internet host, but if you are scanning while directly connected to the network, then it couldn't be the ISP after all.
Your assumption was correct. I am not scanning directly into the serial port but via an Internet host.
The funny thing is, I tried to run an nmap on another router I know which is supported by the same ISP, and these ports don't show up on the scan, though I am not sure if the scan takes the route via the same routers in these two cases, for it might be that a few sets of routers in the ISP farm are configured to block these ports while a few still lack the block for Trinoo_Master and Ingress etc.
Oh, sorry. I replied to your e-mail yesterday, but maybe it didn't go through. I did scan your host twice. First I used the defaults from my NMAP, and it showed several ports filtered. I then scanned the ports you were concerned about, and they did not show up filtered. That pretty much proves to me that the ISP you are scanning from is filtering the ports (or someone else on the path is). Someone on my end or yours was filtering several other ports I scanned on, though.
I'll forward the results over again so I don't post the info here.
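Added example, not part of the thread: a short Python script that does the comparison the last reply describes, diffing nmap's normal output from two vantage points and listing ports that are filtered from only one of them. SCAN_A is the output from the first post; SCAN_B is constructed to match the reply's description, and the function names are hypothetical.

```python
import re

# Port rows in nmap "normal" output, e.g. "27665/tcp filtered Trinoo_Master"
PORT_ROW = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)

# Output posted in the thread (scan from the original poster's Internet host)
SCAN_A = """Interesting ports on *.*.50.1:
Not shown: 1676 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
135/tcp filtered msrpc
1524/tcp filtered ingreslock
27665/tcp filtered Trinoo_Master
"""

# Constructed sample: same target scanned from a second, unrelated network
SCAN_B = """Interesting ports on *.*.50.1:
PORT STATE SERVICE
23/tcp filtered telnet
135/tcp filtered msrpc
1524/tcp closed ingreslock
27665/tcp closed Trinoo_Master
"""

def parse_ports(text):
    """Return {(port, proto): (state, service)} for each port row."""
    return {(int(p), proto): (state, svc)
            for p, proto, state, svc in PORT_ROW.findall(text)}

def compare_vantage_points(scan_a, scan_b, default_state="closed"):
    """Ports whose state differs between two scans of the same target.
    Ports folded into "Not shown: N closed ports" have no row, so a
    missing port is treated as default_state."""
    a, b = parse_ports(scan_a), parse_ports(scan_b)
    diffs = []
    for key in sorted(set(a) | set(b)):
        state_a = a.get(key, (default_state,))[0]
        state_b = b.get(key, (default_state,))[0]
        if state_a != state_b:
            diffs.append((key[0], key[1], state_a, state_b))
    return diffs

def path_filtered(diffs):
    """Ports filtered from exactly one vantage point: this points at a
    filter on that path (or a source-specific ACL), not at a listener."""
    return [port for port, _, sa, sb in diffs
            if (sa == "filtered") != (sb == "filtered")]

if __name__ == "__main__":
    print(path_filtered(compare_vantage_points(SCAN_A, SCAN_B)))
```

A "filtered" result only says the probe got no answer or was rejected in transit; it does not show that anything is listening on the router, which is why a second vantage point is the useful check here.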