
IDS Sensor Port Utilization

dblairii
Level 1

I was just wondering if anyone could clarify for me the specific use of ports on Cisco IDS Sensors. I have noticed that the sensors respond to requests on the following Services/Ports: SSH, ICMP, UDP-514, UDP-515.

I would like to know specifically what tasks are performed using these ports, and what devices are allowed to connect to these ports. i.e. Are only the 'allowed hosts' permitted to utilize SSH, and is it just through a manual process or does it also occur behind the scenes?

Any info will be greatly appreciated!

Thanks,

Don

1 Reply

nkhawaja
Cisco Employee

Hi,

UDP Port 514 is for syslog. TCP Port 514 is for rsh.

(UDP) Receives incoming 'syslog' messages and logs them to a database. The 'syslogd' is one of the more important daemons running on a UNIX host. A common hacker technique is to flood messages at the syslog daemon in hopes to fill up its queue. Client ports are both above and below port 1023.

(TCP) rsh (remote shell) sends a command to a shell on the remote machine and receives the stderr and stdout from it.

Port 515 lp, lpr, line printer

TCP: line printer

This is the primary port for UNIX systems for printing services.

UDP: syslog

This port is sometimes used instead of port 514/udp for syslog messages, especially in Cisco environments.

And you know for SSH and ICMP what the purpose would be.

Yes, the "allowed hosts" will have entries for the hosts to be allowed for SSH.

Thanks

Nadeem