• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1447

Open ports for Cisco 2600 router

Hi,

I put this Cisco 2600 router online.

When I was doing nmap from another network to my network,
it was saying:

PORT      STATE SERVICE
23/tcp    open  telnet
50001/tcp open  unknown

Then when I did telnet to 23, it took me to the login section of the Cisco router,

but I don't know what this 50001 is doing.

(a) What does this 50001 do for the Cisco router?
(b) Also, can I not disallow people from telnetting to port 23?
(c) How do you see all open ports on this Cisco router?

Asked by: fosiul01

3 Solutions
 
Istvan Kalmar (Head of IT Security Division) commented:
Hi,

Could you show us the output of the:

sh ip sockets
sh run

commands?

Best regards,
Istvan
 
dbtouraust commented:
As far as no telnet to the device goes, you need to add an access control list (ACL) on the vty lines of your router.

Log in to your router and enter privileged exec mode, then:

conf t
line vty 0 4
password <enter yours here>
login

CTRL-Z will exit config mode. Then wr to save it.

This ensures telnet access to the router but, judging by what you have said, this probably already exists. The next step is to apply an access list to the vty lines.

First of all, create the access list. What IOS you are running on the router will define what type of list(s) you can use, but we'll just use a standard list.

ip access-list standard 23
permit <ip address here> <wildcard mask here>

CTRL-Z to exit

Now, a wildcard mask is the subnet mask in reverse.... Normally, a valid single host mask is 255.255.255.255, so to get a wildcard mask simply subtract 255 from every valid octet. In the above a valid entry would be something like:

permit 192.168.50.20 0.0.0.0    <- this allows the single host 192.168.50.20 to telnet (once we have applied the list, see below)

If you wanted a whole class C to access:

permit 192.168.50.0 0.0.0.255 ... hope that makes sense?

To apply the list to the vty lines:

conf t
line vty 0 4
access-class 23 in

CTRL-Z to exit, and then save.

The above states that access list 23 is allowed to access those lines, inbound. We defined 23 in the access-list as a name for the ACL when we created it.

As for 50001... not sure.

What ports are open on the router? Grab any free/well-known port scanner and run it against the IP of the router... there shouldn't be anything other than:

80, 443, 22 and 23 open
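An added example, not code from the thread or from Cisco: a small Python check of the wildcard-mask arithmetic and of the top-down, first-match-wins, implicit-deny evaluation that the access-class ACL in dbtouraust's comment above relies on. A wildcard octet is 255 minus the corresponding subnet-mask octet (the bitwise complement), so 0 bits must match and 1 bits are "don't care". The ACL body, its remark line and the test hosts are constructed for this example; only the 192.168.50.0/24 network and the host 192.168.50.20 come from the comment.

```python
import ipaddress


def wildcard_from_netmask(netmask: str) -> str:
    """Cisco wildcard mask for a dotted-decimal subnet mask.

    Each wildcard octet is 255 minus the mask octet (the bitwise complement):
    a 0 bit means "must match", a 1 bit means "don't care".
    """
    octets = [int(o) for o in netmask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad netmask: {netmask}")
    return ".".join(str(255 - o) for o in octets)


def matches(entry_addr: str, wildcard: str, host: str) -> bool:
    """True if `host` falls inside entry_addr/wildcard."""
    addr = int(ipaddress.IPv4Address(entry_addr))
    # Bits that must match are the complement of the wildcard, kept to 32 bits.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(host)) & care) == (addr & care)


def parse_standard_acl(text: str) -> list:
    """Parse the body of `ip access-list standard <name>` into (action, addr, wildcard).

    Accepts the forms IOS takes in a standard ACL: 'permit A W', 'permit A'
    (wildcard defaults to 0.0.0.0), 'permit host A' and 'permit any'.
    Blank lines, '!' and 'remark' lines are skipped.
    """
    entries = []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0] in ("!", "remark"):
            continue
        action = parts[0]
        if action not in ("permit", "deny"):
            raise ValueError(f"unexpected ACL line: {raw}")
        if parts[1] == "any":
            entries.append((action, "0.0.0.0", "255.255.255.255"))
        elif parts[1] == "host":
            entries.append((action, parts[2], "0.0.0.0"))
        else:
            entries.append((action, parts[1], parts[2] if len(parts) > 2 else "0.0.0.0"))
    return entries


def acl_decision(entries: list, host: str) -> str:
    """Standard ACL semantics: top-down, first match wins, implicit deny at the end."""
    for action, addr, wildcard in entries:
        if matches(addr, wildcard, host):
            return action
    return "deny"


# Constructed ACL body, modelled on the "ip access-list standard 23" in the comment above.
ACL_23 = parse_standard_acl("""
 remark management hosts allowed to reach the vty lines (constructed example)
 permit 192.168.50.20 0.0.0.0
 permit 192.168.50.0 0.0.0.255
""")

if __name__ == "__main__":
    print(wildcard_from_netmask("255.255.255.0"))  # 0.0.0.255
    for host in ("192.168.50.20", "192.168.50.77", "10.0.0.5"):
        print(host, acl_decision(ACL_23, host))
```

The implicit deny at the end of `acl_decision` is the part that makes `access-class 23 in` useful: any source not listed is refused before it ever reaches the login prompt, which is what question (b) asks for.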
 
nasirsh commented:
This port is 50001/TCP: UPnP, Windows network device interoperability.
You can get the info on UPnP from here:

http://en.wikipedia.org/wiki/Universal_Plug_and_Play
 
fosiul01 (Author) commented:
But what's the relation between 50001 and the Cisco router?

This router is connected to the ISP modem; from this router we have a firewall (pfSense).

So ISP -> Cisco router -> pfSense.

From the Cisco router only port 25 is going to pfSense, and from pfSense to the internal server.

Nothing else.

So why is the port scanner showing 50001 as running? (But it's unable to find services.) If I telnet to port 50001, I can connect.
 
nasirsh commented:
Can you be sure that the port number is 50001 and not 5001?
 
nasirsh commented:
Because if it's 5001, then this port is 5001/TCP,UDP: Iperf (tool for measuring TCP and UDP bandwidth performance).
 
nasirsh commented:
Meanwhile you can check this out for the known ports:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
 
fosiul01 (Author) commented:
It's 5001,

and I am 90% sure it's something for the Cisco router.

So what command do you use to see what ports are open, or what is running on what ports, on a Cisco router?
 
fosiul01 (Author) commented:
This is the result from hackertarget.com:

Not shown: 995 closed ports
PORT      STATE    SERVICE VERSION
22/tcp    filtered ssh
23/tcp    open     telnet?
25/tcp    open     smtp?
79/tcp    open     finger?
50001/tcp open     unknown
 
Istvan Kalmar (Head of IT Security Division) commented:
sh ip sockets
 
Istvan Kalmar (Head of IT Security Division) commented:
sh ip sockets says which ports are used....
 
nasirsh commented:
Are you using any kind of SNMP on your router?
 
fosiul01 (Author) commented:
Now only the Cisco router is connected to the ISP modem, nothing else.

Still, I can telnet to port 50001,

so that means this port is running on the Cisco router.

And:

EV-Router#sh ip sockets
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17   --listen--          xx.xx.xx.81       67   0   0   89   0
 17 0.0.0.0             0 xx.xx.xx.81       68   0   0    1   0

xx.xx.xx.81 is the public IP on the router.
 
fosiul01 (Author) commented:
@nasirsh

"Are you using any kind of SNMP on your router?" How would I know? What's the command to check it?
 
dbtouraust commented:
Check the config... use something like:

sh run | i snmp

This will feed you back all entries for snmp.

The i is short for include.
 
nasirsh commented:
Any bandwidth monitoring software you are using, or is it enabled in your firewall?
 
Istvan Kalmar (Head of IT Security Division) commented:
OK, so on the router the DHCP service is running; it seems that the router is enabling PAT to 50001. Please show us the whole config.....
 
fosiul01 (Author) commented:
sh running-config | include snmp

does not show anything.

@nasirsh, currently this is only the Cisco router and the ISP modem, that's it.
 
fosiul01 (Author) commented:
show running-config
Building configuration...

Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname EV-Router
!
enable secret 5 $1$MBRi/
enable password 7 0A04
!
!
!
!
!
memory-size iomem 10
ip subnet-zero
ip name-server 192.168.1.254
!
!
!
!
interface Ethernet0/0
 ip address dhcp
 ip nat outside
!
interface Ethernet0/1
 description router-to-ipcop
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
ip default-gateway .82
ip nat inside source list NAT_ADDRESS interface Ethernet0/0 overload
ip nat inside source static tcp 12.2 25 interface Ethernet0/0 25
ip nat inside source static tcp 12 22 interface Ethernet0/0 22
ip nat inside source static tcp 192.2 80 interface Ethernet0/0 80
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 .82
no ip http server
!
!
ip access-list standard NAT_ADDRESS
 permit 192.168.2.0 0.0.0.255
banner motd ^C
****************************
this is a secure router,Unauthorized logins are
restricted.
****************************
^C
!
line con 0
 password 7 0D
 logging synchronous
 login
 transport input none
line aux 0
line vty 0 4
 exec-timeout 20 0
 password 7 10D0C
 logging synchronous
 login
!
no scheduler allocate
end

EV-Router#
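An added example, not code from the thread or from Cisco: the defender's way to answer "why is 50001 open" is to derive from the running config which listeners the router can account for and compare that with what the external scan reports. This Python script does that for the two artifacts posted in this thread: the static NAT port forwards on Ethernet0/0 explain 22, 25 and 80, the vty lines explain 23, and whatever else the scanner reports as open is unexplained and worth investigating. The config fragment below is constructed in the shape of the posted running-config (the inside NAT addresses in the post are truncated, so placeholders are used); the scan lines are the ones fosiul01 posted. Treating a vty line that has no `transport input` restriction as accepting telnet is this script's assumption about the IOS default.

```python
import re

# Constructed config fragment in the shape of the posted running-config; the
# inside NAT addresses are placeholders because the posted ones are truncated.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ip address dhcp
 ip nat outside
interface Ethernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
ip nat inside source list NAT_ADDRESS interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.2.25 25 interface Ethernet0/0 25
ip nat inside source static tcp 192.168.2.22 22 interface Ethernet0/0 22
ip nat inside source static tcp 192.168.2.80 80 interface Ethernet0/0 80
no ip http server
line con 0
 login
 transport input none
line vty 0 4
 exec-timeout 20 0
 login
"""

# Scan output as posted in the thread (external scanner, nmap-style table).
SAMPLE_SCAN = """\
Not shown: 995 closed ports
PORT      STATE    SERVICE VERSION
22/tcp    filtered ssh
23/tcp    open     telnet?
25/tcp    open     smtp?
79/tcp    open     finger?
50001/tcp open     unknown
"""

NAT_STATIC = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
SCAN_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def exposed_ports_from_config(config: str) -> dict:
    """Return {'port/proto': reason} for every listener the config itself accounts for."""
    reasons = {}
    in_vty = vty_seen = False
    vty_transport = None
    for line in config.splitlines():
        m = NAT_STATIC.match(line)
        if m:
            proto, inside, inside_port, iface, outside_port = m.groups()
            reasons[f"{outside_port}/{proto}"] = f"static NAT to {inside}:{inside_port} via {iface}"
            continue
        if line == "ip http server":
            reasons["80/tcp"] = "ip http server enabled on the router"
            continue
        if line.startswith("line vty"):
            in_vty = vty_seen = True
            continue
        if in_vty:
            if line.startswith(" "):  # indented lines belong to the vty block
                if line.strip().startswith("transport input"):
                    vty_transport = line.strip()
                continue
            in_vty = False  # next top-level statement ends the vty block
    # Assumption: a vty line with no 'transport input' restriction accepts telnet.
    if vty_seen and (vty_transport is None
                     or "telnet" in vty_transport or vty_transport.endswith(" all")):
        detail = "" if vty_transport is None else f" ({vty_transport})"
        reasons["23/tcp"] = "vty lines accept telnet" + detail
    return reasons


def parse_scan(text: str) -> dict:
    """Parse 'port/proto state service' lines into {'port/proto': (state, service)}."""
    found = {}
    for line in text.splitlines():
        m = SCAN_LINE.match(line.strip())
        if m:
            # A trailing '?' means the scanner could not confirm the service.
            found[f"{m[1]}/{m[2]}"] = (m[3], m[4].rstrip("?"))
    return found


def unexplained_open_ports(config: str, scan_text: str) -> list:
    """Open ports in the scan that nothing in the config accounts for, lowest port first."""
    expected = exposed_ports_from_config(config)
    scan = parse_scan(scan_text)
    unexplained = [p for p, (state, _) in scan.items() if state == "open" and p not in expected]
    return sorted(unexplained, key=lambda p: int(p.split("/")[0]))


if __name__ == "__main__":
    for port, why in sorted(exposed_ports_from_config(SAMPLE_CONFIG).items()):
        print(f"expected    {port:10} {why}")
    for port in unexplained_open_ports(SAMPLE_CONFIG, SAMPLE_SCAN):
        print(f"UNEXPLAINED {port}: open in the scan but not accounted for by the config")
```

Run against the constructed config and the posted scan, the script flags 79/tcp and 50001/tcp: neither a NAT forward nor a vty line accounts for them, which is exactly the gap the thread is trying to close. Adding `transport input none` under the vty lines makes 23/tcp unexplained too, which is a quick way to confirm the check reacts to the config rather than to a hard-coded list.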
 
dbtouraust commented:
Looks pretty standard to me.... Why do you have 2 static default routes in there? I noticed elsewhere that port 50001 is sometimes used by remote TAC for access to troubleshoot. Having said that, I have never in my Cisco time seen that used.
 
dbtouraust commented:
What happens if you open a web browser on that port?
 
fosiul01 (Author) commented:
"What happens if you open a web browser on that port?": it connects but nothing shows up.
 
dbtouraust commented:
What happens if you conduct a simple ISO change on the router? Is that possible to do?
 
Istvan Kalmar (Head of IT Security Division) commented:
It seems that the router has not opened the 50001 port.....

ip nat inside source static tcp 12.2 25 interface Ethernet0/0 25
ip nat inside source static tcp 12 22 interface Ethernet0/0 22
ip nat inside source static tcp 192.2 80 interface Ethernet0/0 80
 
fosiul01 (Author) commented:
@dbtouraust, what ISO do you want me to install?

@ikalmar: yep, that's the thing that is bugging me. Why does it telnet to port 50001?
 
Istvan Kalmar (Head of IT Security Division) commented:
He wants you to upgrade the IOS on the router....
 
fosiul01 (Author) commented:
I understand that, but what version of IOS?

Here is the version from the router:

EV-Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T,  RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64

ROM: System Bootstrap, Version 11.3(2)XA3, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)

EV-Router uptime is 1 hour, 6 minutes
System returned to ROM by error - a SegV exception, PC 0x802B528C
System image file is "flash:c2600-i-mz.121-2.T.bin"

cisco 2611 (MPC860) processor (revision 0x202) with 22528K/2048K bytes of memory.
Processor board ID JAB0307074L (2246135598)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
 
Istvan Kalmar (Head of IT Security Division) commented:
System image file is "flash:c2600-i-mz.121-2.T.bin"
 
fosiul01 (Author) commented:
From the version attached before,

"flash:c2600-i-mz.121-2.T.bin"
is installed.
Now you are saying to install

"flash:c2600-i-mz.121-2.T.bin"
Is that not the same IOS?
 
Istvan Kalmar (Head of IT Security Division) commented:
I advise using another port scanner; I think the 50001 port is closed....
 
fosiul01 (Author) commented:
If I telnet from outside of my network to this Cisco router,

it connects:

telnet public-ip-of-server 50001

It does connect.

Even:

http://publiip-of-cisco-router:50001

It does connect.
 
dbtouraust commented:
Any version of IOS close to the one you are running. Do you have access to download another ISO from Cisco?
 
fosiul01 (Author) commented:
Yes, I have access to Cisco IOS.

You tell me what IOS I need, and why I need to upgrade the IOS?
 
Istvan Kalmar (Head of IT Security Division) commented:
What shows when you connect to 50001?
Did you reload the router?
If you have access to Cisco CCO, please upgrade to the latest MD sw....
