
Close Cisco IOS TCP Ports 23, 2002, 4002, 6002, and 9002 from Network Ports Scanning


Just found my Cisco 1921 has the same problem on ports 2002, 4002, 6002 and 9002, as described in this post.

Symptoms:

Some Cisco routers (1900/2900 Series) answer TCP connection attempts (replying with SYN-ACKs to SYN requests) on TCP ports 2002, 4002, 6002, and 9002.

Some other routers answer on TCP port 23 (Telnet).

I used http://ping.eu/port-chk/ to test those ports; ports 2002, 4002, 6002 and 9002 are open on my CISCO1921 router:

R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot               Local Address             Foreign Address                  Service    State
 tcp                        *:22                         *:0               SSH-Server   LISTEN
 tcp                        *:23                         *:0                   Telnet   LISTEN
 tcp                      *:6002          88.198.46.51:58719            TCP Protocols ESTABLIS
 udp                       *:123                         *:0                      NTP   LISTEN
 udp                      *:4500                         *:0                   ISAKMP   LISTEN
 udp                       *:161                         *:0                  IP SNMP   LISTEN
 udp                       *:162                         *:0                  IP SNMP   LISTEN
 udp                      *:1975                         *:0                      IPC   LISTEN
 udp                     *:57430                         *:0                  IP SNMP   LISTEN
 udp                       *:500                         *:0                   ISAKMP   LISTEN

Solutions:

1. The solution for ports 2002, 4002, 6002 and 9002 is the same as in the post mentioned above:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line 2
Router(config-line)#transport input none
Router(config-line)#end
Router#

2. Solution for port 23:


R#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R(config)#class-map type port-filter match-any TCP23
R(config-cmap)#match port tcp 23
R(config)#policy-map type port-filter FILTERTCP23
R(config-pmap)#class TCP23
R(config-pmap-c)#drop
R(config-pmap-c)#log
R(config)#control-plane host
R(config-cp-host)#service-policy type port-filter input FILTERTCP23

*Aug 15 16:31:29: %CP-6-TCP: DROP TCP/UDP Portfilter  88.198.46.51(57596) -> 61.16.203.24(23)
*Aug 15 16:31:30: %CP-6-TCP: DROP TCP/UDP Portfilter  88.198.46.51(57596) -> 61.16.203.24(23)
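
To recheck a router after applying either fix, the following added example (not part of the original post or of any Cisco tooling) parses saved `show control-plane host open-ports` output and flags the TCP ports this post covers. The function name, the port-to-fix mapping and the regular expression are assumptions of the example; the sample rows are taken from the output shown earlier in this post.

```python
import re

# Ports discussed in this post, mapped to the fix the post applies to each.
FIXES = {
    23: "port-filter policy dropping tcp 23 on 'control-plane host'",
    2002: "'transport input none' on line 2",
    4002: "'transport input none' on line 2",
    6002: "'transport input none' on line 2",
    9002: "'transport input none' on line 2",
}

# One row: protocol, local addr:port, foreign addr:port, service (may contain
# spaces), state (the sample shows ESTABLISHED cut to ESTABLIS in this column).
ROW = re.compile(r"^\s*(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(.+?)\s+(\S+)\s*$")

def audit_open_ports(show_output):
    """Return findings for TCP ports from FIXES that are listening or connected."""
    findings = []
    for line in show_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, banner and header lines
        proto, _laddr, lport, faddr, _fport, service, state = m.groups()
        port = int(lport)
        if proto == "tcp" and port in FIXES:
            findings.append({"port": port, "service": service, "state": state,
                             "peer": None if faddr == "*" else faddr,
                             "fix": FIXES[port]})
    return findings

# Sample input: rows taken from the router output shown earlier in this post.
SAMPLE = """\
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot               Local Address             Foreign Address                  Service    State
 tcp                        *:22                         *:0               SSH-Server   LISTEN
 tcp                        *:23                         *:0                   Telnet   LISTEN
 tcp                      *:6002          88.198.46.51:58719            TCP Protocols ESTABLIS
 udp                       *:123                         *:0                      NTP   LISTEN
 udp                      *:4500                         *:0                   ISAKMP   LISTEN
"""

if __name__ == "__main__":
    for f in audit_open_ports(SAMPLE):
        print(f"tcp/{f['port']} {f['state']} peer={f['peer']} -> {f['fix']}")
```

An empty result after the configuration changes means none of the five ports is still exposed by the control plane; SSH on port 22 is deliberately not flagged.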

Reference:

1. PacketU’s Post
2. itcertnotes’ Post
