Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
10
Helpful
7
Replies

Cisco 2801 security issue - open ports

Go to solution
Alex_Kitaichik
Level 1
Level 1

‎01-26-2012 07:26 AM - edited ‎03-04-2019 03:01 PM

Hello all,

I have some strange issue with my cisco 2801:

The router has 2 interfaces with legal PA addresses - one to ISP and one to my LAN.

There is no nat configuration on this router.

When I run nmap scanning on IP address that configured on LAN interface - I can see 2 open ports - 1720 and 5060.

The router IOS version is 12.3(14)T2 .

Any guess?

Alexander

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
7 Replies 7

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎01-26-2012 07:28 AM

Hi Alex,

It would be helpful to see your configuration. However, the 5060 is the SIP port, and 1720 is used by H.323. Are any of these services running on your device?

Best regards,

Peter

0 Helpful

Go to solution
Alex_Kitaichik
Level 1
Level 1
In response to Peter Paluch

‎01-26-2012 07:45 AM

I can't send you a full configuration because of security policy of my company but I can to post a relevant parts of configuration.

I want to be clear, there is no NAT configured on router and I scanned the LAN interface - so I guess it is impossible that any of this ports will be opened. Anyway I don't have any of these services runs on router and no in LAN.

Alexander

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Alex_Kitaichik

‎01-26-2012 08:16 AM

Hi,

to see open ports on your router you can do both commands:

-sh ip sockets  (  for non TCP ports)

- sh  tcp brief all

Regards.

Alain

Don't forget to rate helpful posts.

Go to solution
johnlloyd_13
Level 9
Level 9
In response to cadet alain

‎01-26-2012 07:38 PM

Hi Alain,

I've been searching for a while for these commands. Good find! +5

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Alex_Kitaichik
Level 1
Level 1
In response to johnlloyd_13

‎01-26-2012 11:34 PM

Acctually I can see next situation on my router:

Router#sh tcp brief all

TCB       Local Address           Foreign Address        (state)

6473E0DC  *.1720                  *.*                    LISTEN

64D9A5E4  *.5060                  *.*                    LISTEN

64BFB57C  *.1723                  *.*                    LISTEN

How can I know what service opens these ports? How can I manage/change this situation?

Alexander

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Alex_Kitaichik

‎01-26-2012 11:54 PM

Hi,

https://supportforums.cisco.com/docs/DOC-3031

Regards.

Alain

Don't forget to rate helpful posts.

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to cadet alain

‎01-26-2012 11:55 PM

Alain,

Nice one!

Best regards,

Peter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card