fosiul01
asked on
open ports for cisco 2600 router
Hi,
I put this Cisco 2600 router online.
When I ran nmap from another network against my network,
it reported:
PORT STATE SERVICE
23/tcp open telnet
50001/tcp open unknown
Then when I telnetted to port 23, it took me to the login prompt of the Cisco router,
but I don't know what this 50001 is doing.
(a) What does this 50001 do on a Cisco router?
(b) Also, can't I stop people from telnetting to port 23?
(c) How do you see all open ports on this Cisco router?
This port is for 50001/TCP: UPnP, Windows network device interoperability.
You can get the info of UPnP from here.
http://en.wikipedia.org/wiki/Universal_Plug_and_Play
ASKER
But what's the relation between 50001 and the Cisco router?
This router is connected to the ISP modem, and behind this router we have a firewall (pfSense),
so: ISP -> Cisco router -> pfSense.
From the Cisco router only port 25 is going to pfSense, and from pfSense to the internal server,
nothing else.
So why is the port scanner showing 50001 as running (although it's unable to identify the service)? If I telnet to port 50001, I can connect.
Can you be sure that the port number is 50001 and not 5001?
Because if it is 5001, then that port is 5001/TCP,UDP Iperf (tool for measuring TCP and UDP bandwidth performance).
Meanwhile, you can check this out for the known ports:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
ASKER
It's 5001,
and I am 90% sure it's something for the Cisco router.
So what command do you use to see which ports are open, or what is running on which ports, on a Cisco router?
ASKER
This is the result from hackers target .com:
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp filtered ssh
23/tcp open telnet?
25/tcp open smtp?
79/tcp open finger?
50001/tcp open unknown
sh ip sockets
sh ip sockets says which ports are used....
ASKER
Now only the Cisco router is connected to the ISP modem, nothing else.
I can still telnet to port 50001,
so that means this port is running on the Cisco router.
And:
EV-Router#sh ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- xx.xx.xx.81 67 0 0 89 0
17 0.0.0.0 0 xx.xx.xx.81 68 0 0 1 0
xx.xx.xx.81 is the public IP on the router.
ASKER
@nasirsh
Are you using any kind of SNMP on your router? How would I know? What's the command to check it?
Check the config...use something like:
sh run | i snmp
This will feed you back all entries for snmp
the i is short for include
Is there any bandwidth monitoring software you are using, or is it enabled in your firewall?
OK, the DHCP service is running on the router. It seems that the router is enabling PAT to 50001. Please show us the whole config.....
ASKER
sh running-config | include snmp
does not show anything.
@naris, currently there is only the Cisco router and the ISP modem, that's it.
ASKER
show running-config
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname EV-Router
!
enable secret 5 $1$MBRi/
enable password 7 0A04
!
!
!
!
!
memory-size iomem 10
ip subnet-zero
ip name-server 192.168.1.254
!
!
!
!
interface Ethernet0/0
ip address dhcp
ip nat outside
!
interface Ethernet0/1
description router-to-ipcop
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
ip default-gateway .82
ip nat inside source list NAT_ADDRESS interface Ethernet0/0 overload
ip nat inside source static tcp 12.2 25 interface Ethernet0/0 25
ip nat inside source static tcp 12 22 interface Ethernet0/0 22
ip nat inside source static tcp 192.2 80 interface Ethernet0/0 80
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 .82
no ip http server
!
!
ip access-list standard NAT_ADDRESS
permit 192.168.2.0 0.0.0.255
banner motd ^C
************************** **
this is a secure router,Unauthorized logins are
restricted.
************************** **
^C
!
line con 0
password 7 0D
logging synchronous
login
transport input none
line aux 0
line vty 0 4
exec-timeout 20 0
password 7 10D0C
logging synchronous
login
!
no scheduler allocate
end
EV-Router#
Looks pretty standard to me.... Why do you have 2 static default routes in there? I noticed elsewhere that port 50001 is sometimes used by remote TAC for access to troubleshoot. Having said that, I have never in my Cisco time seen that used.
What happens if you open a web browser on that port?
ASKER
What happens if you open a web browser on that port? : It connects, but nothing shows up.
What happens if you conduct a simple ISO change on the router? Is that possible to do?
It seems that the router has not opened the 50001 port.....
ip nat inside source static tcp 12.2 25 interface Ethernet0/0 25
ip nat inside source static tcp 12 22 interface Ethernet0/0 22
ip nat inside source static tcp 192.2 80 interface Ethernet0/0 80
ASKER
@dbtouraust, what ISO do you want me to install?
@ikalmar: yep, that's the thing that's bugging me. Why does it telnet to port 50001?
He wants you to upgrade the IOS on the router....
ASKER
I understand that, but what version of IOS?
Here is the version from the router:
EV-Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64
ROM: System Bootstrap, Version 11.3(2)XA3, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
EV-Router uptime is 1 hour, 6 minutes
System returned to ROM by error - a SegV exception, PC 0x802B528C
System image file is "flash:c2600-i-mz.121-2.T.bin"
cisco 2611 (MPC860) processor (revision 0x202) with 22528K/2048K bytes of memory.
Processor board ID JAB0307074L (2246135598)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
System image file is "flash:c2600-i-mz.121-2.T.bin"
ASKER
From the version output attached before,
"flash:c2600-i-mz.121-2.T.bin"
is installed.
Now you are saying to install
"flash:c2600-i-mz.121-2.T.bin"
Is that not the same IOS?
I advise using another port scanner; I think the 50001 port is closed....
ASKER
If I telnet from outside my network to this Cisco router,
it connects:
telnet public-ip-of-server 50001
It does connect.
Even:
http://publiip-of-cisco-router:50001
It does connect.
Any version of IOS close to the one you are running. Do you have access to download another ISO from Cisco?
ASKER
Yes, I have access to Cisco IOS.
You tell me what IOS I need and why I need to upgrade the IOS.
Could you show us the output of these commands:
sh ip sockets
sh run
Best regards,
Istvan
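The reasoning used in this thread, matching each port in the external scan against the posted running-config, as an added Python example that is not part of the original posts. The function names are assumptions of this example, and the sample data is copied from the config and scan above, with the inside addresses redacted as posted.

```python
import re

# Excerpts copied from the running-config and external scan posted in this thread.
CONFIG = """\
ip nat inside source list NAT_ADDRESS interface Ethernet0/0 overload
ip nat inside source static tcp 12.2 25 interface Ethernet0/0 25
ip nat inside source static tcp 12 22 interface Ethernet0/0 22
ip nat inside source static tcp 192.2 80 interface Ethernet0/0 80
line vty 0 4
exec-timeout 20 0
login
!
"""
SCAN = """\
22/tcp filtered ssh
23/tcp open telnet?
25/tcp open smtp?
79/tcp open finger?
50001/tcp open unknown
"""
NAT = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")

def static_forwards(config):
    """Map (proto, outside port) -> 'inside host:port' for static NAT entries."""
    lines = (l.strip() for l in config.splitlines())
    return {(m[1], int(m[4])): f"{m[2]}:{m[3]}" for m in map(NAT.match, lines) if m}

def vty_block(config):
    """Sub-commands under the first 'line vty' block, or None if there is none."""
    m = re.search(r"^line vty [^\n]*\n(.*?)(?=^!|^line |\Z)", config, re.M | re.S)
    return [l.strip() for l in m[1].splitlines()] if m else None

def explain(scan, config):
    """Label each scanned port with the config line that accounts for it."""
    fwd, vty, out = static_forwards(config), vty_block(config), {}
    for m in re.finditer(r"^(\d+)/(tcp|udp) ", scan, re.M):
        port, proto = int(m[1]), m[2]
        if (proto, port) in fwd:
            out[port] = "static NAT forward to " + fwd[(proto, port)]
        elif (proto, port) == ("tcp", 23) and vty is not None:
            acl = any(c.startswith("access-class") for c in vty)
            out[port] = "router vty, " + ("access-class set" if acl else "no access-class")
        else:
            out[port] = "no matching config line"
    return out

if __name__ == "__main__":
    for port, why in explain(SCAN, CONFIG).items():
        print(port, why)
```

Ports reported as "no matching config line" (79 and 50001 here) are the ones to investigate on the router itself. The `sh ip sockets` output posted above lists only protocol 17 (UDP) entries, so it cannot confirm or rule out a TCP listener; TCP connections and listeners are listed by `show tcp brief all`.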