
Disable port TCP 5060 and 1720

alanchia2000
Level 1

Our company owns a Cisco 2821 router. Doing an nmap scan on the router shows 2 open ports, TCP port 5060 and 1720. Can I stop the services listening on those ports? Any advice is appreciated.

Thank you.

3 Replies

jackyoung
Level 6

Please follow the link below to apply the access control to the interface that is scanned by nmap. However, you have to ensure there is no application using this port and no impact on the production network.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c0.html

e.g.

access-list 101 deny tcp any any eq 1720

access-list 101 deny tcp any any eq 5060

access-list 101 permit ip any any

interface ethernet 0

ip access-group 101 in

TCP 1720 is used by H.323 & H.255; TCP 5060 is used by IP Phone Call Manager SIP.

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801a62b9.shtml

Hope this helps.
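
An added example, not part of the original thread or of Cisco's documentation: a small Python check that reads a saved configuration and reports, per interface, whether an inbound ACL like the one above still lets TCP 1720 or 5060 through. It assumes numbered ACL entries of the `any any` form shown in the post; the `ethernet 1` interface and all function names are constructed for illustration.

```python
import re

# Only the "any any" entry forms used in the post are recognised (assumption).
ACE = re.compile(r"^access-list (\d+) (permit|deny) (ip|tcp) any any(?: eq (\d+))?$")
IFACE = re.compile(r"^interface (.+)$")
GROUP = re.compile(r"^ip access-group (\d+) in$")

# Constructed sample: the ACL from the post, plus a second interface left unfiltered.
SAMPLE = """
access-list 101 deny tcp any any eq 1720
access-list 101 deny tcp any any eq 5060
access-list 101 permit ip any any
interface ethernet 0
 ip access-group 101 in
interface ethernet 1
"""

def parse(config):
    """Return ordered entries per ACL and the inbound ACL bound to each interface."""
    acls, bindings, current = {}, {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := IFACE.match(line):
            current = m.group(1)
            bindings[current] = None
        elif (m := GROUP.match(line)) and current is not None:
            bindings[current] = m.group(1)
        elif m := ACE.match(line):
            num, action, _proto, port = m.groups()
            acls.setdefault(num, []).append((action, int(port) if port else None))
    return acls, bindings

def decision(entries, port):
    """First matching entry wins; an ACL with entries ends in an implicit deny."""
    for action, eq in entries:
        if eq is None or eq == port:
            return action
    return "deny"

def exposed_ports(config, ports=(1720, 5060)):
    """Map each interface to the TCP ports its inbound ACL still lets through."""
    acls, bindings = parse(config)
    return {
        iface: [p for p in ports if num not in acls or decision(acls[num], p) == "permit"]
        for iface, num in bindings.items()
    }

if __name__ == "__main__":
    print(exposed_ports(SAMPLE))
```

An interface with no inbound ACL, or one that references an ACL with no entries, is reported as exposing both ports, and a `permit ip any any` placed above the deny lines is caught because entries are evaluated in order.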

Thanks for the advice. I am attempting to harden the routers; therefore, I need to stop those services on the router. Although an access list could do the job, that would mean that I have one more access list to maintain.

Is there a way to disable those services?

Sorry, I have not used nmap before, so I don't know how it operates or how it scans the ports.

However, the router by default opens all ports, so using an ACL to limit access is required. By default the router does not have such services (H.323 & SIP) enabled, but it does allow that traffic to pass through, so if we want to avoid attacks via those ports, we have to block them by using an ACL.

Hope this helps.
