Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IDS Sensor Port Utilization

I was just wondering if anyone could clarify for me, the specific use of ports on Cisco IDS Sensors. I have noticed that the sensors respond to requests on the following Services/Ports: SSH, ICMP, UDP-514, UDP-515.

I would like to know specifically what tasks are performed using these ports, and what devices are allowed to connect to these ports. i.e. Are only the 'allowed hosts' permitted to utilize SSH, and is it just through a manual process or does it also occur behind the scenes?

Any info will be greatly appreciated!

Thanks,

Don

1 REPLY
Silver

Re: IDS Sensor Port Utilization

Hi,

UDP Port 514 is for syslog TCP Port 514 is for rsh

UDP) Receives incoming 'syslog' messages and logs them to a database. The 'syslogd' is one of the more important daemons running on a UNIX host. A common hacker technique is to flood messages at the syslog daemon in hopes to fill up its queue. Client ports are both above and below port 1023.

(TCP) rsh (remote shell) sends a command to a shell on the remote machine and receives the stderr and stdout from it.

Port 515 lp, lpr, line printer

TCP: line printer

This is the primary port for UNIX systems for printing services.

UDP: syslog

This port is sometimes used instead of port 514/udp for syslog messages, especially in Cisco environments

ANd you know for SSH and ICMP for what would be the purpose.

Yes the "allowed hosts" will have entry for hosts to be allowd for SSH

Thanks

Nadeem

88
Views
0
Helpful
1
Replies
CreatePlease to create content