Unknown open TCP ports on router
Anyone know how to close these open ports on my Cisco 7606 router?
Anyone know what these TCP ports are used for?
49 - Not sure what this one is other than what IANA reports about TCP port 49
4510
4509
2222
I'm sure I could add an ACL to block communications to my router based on these ports, but I would rather figure out how to close 'em so this already overloaded router doesn't have additional processing.
Cisco-7606# sh tcp br all
TCB Local Address Foreign Address (state)
12EFC1C0 172.16.8.3.14401 10.8.2.14.49 TIMEWAIT
1CC4F57C 172.16.8.3.26963 10.8.2.14.49 TIMEWAIT
1A419F90 0.0.0.0.4510 *.* LISTEN
1C581740 0.0.0.0.4509 *.* LISTEN
1A417BBC 0.0.0.0.2222 *.* LISTEN
12FB03A8 10.8.10.2.2222 10.8.1.42.4690 CLOSEWAIT
12FB099C 10.8.10.2.2222 10.8.1.42.2233 CLOSEWAIT
12FA7DF0 10.10.0.3.2222 10.8.1.15.4878 CLOSEWAIT
1CD47780 10.10.0.3.2222 10.8.1.15.3917 CLOSEWAIT
1CDDBCE0 10.8.10.2.2222 10.8.1.42.3964 CLOSEWAIT
Cisco-7606# sh ver | i image
System image file is "disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRD3.bin"
Tks
Frank
Frank
I can offer a suggestion about one of your port numbers. TCP port 49 is used for TACACS. If you are using TACACS for authentication, authorization, or accounting, then we know why port 49 is open, and blocking TCP 49 will prevent TACACS from working with your router.
I have no insights or suggestions about the other port numbers that you mention.
HTH
Rick
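A small audit script, added here as an example and not part of either post above, that parses the `sh tcp br all` output Frank pasted. It separates the sockets the router is listening on from the connections it has made itself: in the pasted table the two rows involving port 49 are TIMEWAIT entries whose foreign address is 10.8.2.14.49, so the router is the TACACS+ client there and 49 is not a listening port on it at all. The only real listeners are 4509, 4510 and 2222, and the CLOSEWAIT rows show which hosts have been connecting to 2222. The port-to-service table only contains the mapping this thread establishes (49 = TACACS+); everything else is reported as unknown rather than guessed.

```python
"""Parse Cisco IOS 'show tcp brief all' and summarise listeners vs. client sockets.

Added example, not from the original post. Sample input is the table pasted in
the question; the only port label is the one the thread identifies (49 = TACACS+).
"""
import re
from collections import defaultdict

# 'sh tcp br all' output copied from the post above: TCB, local, foreign, state.
SAMPLE = """\
TCB Local Address Foreign Address (state)
12EFC1C0 172.16.8.3.14401 10.8.2.14.49 TIMEWAIT
1CC4F57C 172.16.8.3.26963 10.8.2.14.49 TIMEWAIT
1A419F90 0.0.0.0.4510 *.* LISTEN
1C581740 0.0.0.0.4509 *.* LISTEN
1A417BBC 0.0.0.0.2222 *.* LISTEN
12FB03A8 10.8.10.2.2222 10.8.1.42.4690 CLOSEWAIT
12FB099C 10.8.10.2.2222 10.8.1.42.2233 CLOSEWAIT
12FA7DF0 10.10.0.3.2222 10.8.1.15.4878 CLOSEWAIT
1CD47780 10.10.0.3.2222 10.8.1.15.3917 CLOSEWAIT
1CDDBCE0 10.8.10.2.2222 10.8.1.42.3964 CLOSEWAIT
"""

# Ports with a known meaning in this thread; anything else is reported as unknown.
KNOWN_PORTS = {49: "TACACS+"}

LINE_RE = re.compile(
    r"^(?P<tcb>[0-9A-F]+)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+(?P<state>\S+)$"
)

def split_endpoint(ep):
    """'10.8.2.14.49' -> ('10.8.2.14', 49); the wildcard '*.*' -> ('*', None)."""
    if ep == "*.*":
        return "*", None
    host, _, port = ep.rpartition(".")
    return host, int(port)

def parse_tcp_brief(text):
    """One dict per TCB row; the header line does not match the row pattern."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        lhost, lport = split_endpoint(m.group("local"))
        fhost, fport = split_endpoint(m.group("foreign"))
        rows.append({"tcb": m.group("tcb"), "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": m.group("state")})
    return rows

def listeners(rows):
    """Ports the router accepts connections on, labelled where the thread knows them."""
    return {r["lport"]: KNOWN_PORTS.get(r["lport"], "unknown")
            for r in rows if r["state"] == "LISTEN"}

def peers_by_local_port(rows):
    """Remote hosts seen (in any non-LISTEN state) on each listening port."""
    listen_ports = {r["lport"] for r in rows if r["state"] == "LISTEN"}
    peers = defaultdict(set)
    for r in rows:
        if r["state"] != "LISTEN" and r["lport"] in listen_ports:
            peers[r["lport"]].add(r["fhost"])
    return {port: sorted(hosts) for port, hosts in peers.items()}

def outbound_services(rows):
    """Services the router connects *to*: local ephemeral port, known foreign port."""
    return {r["fport"]: (r["fhost"], KNOWN_PORTS[r["fport"]])
            for r in rows if r["state"] != "LISTEN" and r["fport"] in KNOWN_PORTS}

if __name__ == "__main__":
    rows = parse_tcp_brief(SAMPLE)
    for port, label in sorted(listeners(rows).items()):
        print(f"LISTEN {port:<6} {label}")
    for port, hosts in sorted(peers_by_local_port(rows).items()):
        print(f"peers on {port}: {', '.join(hosts)}")
    for port, (host, label) in outbound_services(rows).items():
        print(f"outbound to {host}:{port} ({label})")
```

Run it against a fresh `sh tcp br all` capture to get three lists: what to consider closing (the LISTEN rows), who is actually using each listener (the peer hosts, which is where to start when a port number is unfamiliar), and which sockets are the router's own client connections and would not be affected by an inbound ACL anyway.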
Similar Messages
-
Listing and closing open TCP ports
Hi,
For security reasons I would like to have as few open TCP ports as possible on my iMac, leaving open only those that I feel are worthwhile having enabled. How can I go about to
a) identify which TCP ports are currently open on the system
b) identify the processes that have opened the ports and understand the origin and purpose of those process
c) disable the processes that have ports open, if I feel that there is no good reason for having them open
I'm running OS X 10.9.4.
Thanks!
Fredrik
You can run "netstat" in the Terminal or maybe Network Utility to see open ports. However, all you should really do is make sure you don't have any sharing services enabled. Otherwise that is all you can do. Macs are not meant to be used as servers or in secure environments. They are strictly consumer machines. Apple has engineered them to be highly secure, but not configurable by the user. It is highly unlikely that any modifications that an end-user can make would do anything other than reduce security.
-
We are auditing open TCP ports on our network equipment and discovered a number of open TCP ports on our 9216i. Is there any way to tell what the open ports are used for and shut them down if unnecessary? The show tcp command is not available. show tech did not reveal anything.
There is the standard set of ports that are open for mgmt by ssh, telnet, and SNMP v2 or v3. Additionally, there is port 80 open so you can point web browser to it and get the FM code. The list is as follows.
Common to all applications
* SSH 22 (TCP)
* TELNET 23 (TCP)
* HTTP 80 (TCP)
* SYSLOG 514 (UDP)
Fabric Manager Server and Performance Manager
* SNMP_TRAP 2162 (UDP)
* SNMP picks a random free local port (UDP) - (can be changed in server.properties)
* Java RMI 9099, 9199 to 9299 (TCP)
Fabric Manager Client
* Java RMI 9099, 9199 to 9299 (TCP)
* SNMP picks a random free local port. (UDP) or 9189 (TCP) if SNMP proxy is enabled (can be changed in server.properties)
Device Manager
* SNMP_TRAP 1163 to 1170 (UDP) (picks one available in this range)
* SNMP picks a random free local port (UDP) or 9189 (TCP) if SNMP Proxy is enabled (can be changed in server.properties)
You can shut off telnet in lieu of ssh in the configuration. Also, it is possible to use access-lists on the mgmt ports to limit IP addresses/ports/etc. Also, don't forget that the IPS ports will be listening for FCIP and ISCSI if enabled. -
How to open TCP Port on my RV220 Firewall router?
Hello,
I have a windows 8 server for a LAN. This has a Cisco RV220W Firewall which is connected to the T1 router. In order to host a 3rd party video conferencing software I need to have the TCP 1935 port open.
I tried the following -
1. Logged into my RV220W and added a rule using Manage Firewall Rules (Firewall-Access Control-Custome Services). Here I added a rule for TCP start port 1935 and Finish port 1935.
2. Then I added an inbound rule on my Windows 8 server to open TCP 1935.
However when I tested it using porttest.net, it said TCP 1935 is still closed. Can someone please let me know how can I open TCP 1935 port?
Thanks,
Abhi
Hello,
your steps seem to be fine at first look, but somewhere in that chain something is probably broken.
What kind of service is on that server port?
Are you able to open a connection from outside with telnet to the router WAN IP and port? Example test from outside/internet:
telnet X.X.X.X YYYY
where X.X.X.X is the WAN IP of the router and YYYY is the port number.
You can confirm that port forwarding is working on both devices:
try to connect with a computer placed between the router and the firewall to that port on the firewall.
If the previous test works, then for testing purposes move the server to the subnet between the router and the firewall and perform the connectivity test from the internet. -
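The telnet test in the reply above only tells you "connected" or "not connected". It is worth separating the two ways a connection can fail, because they point at different hops in the Outside -> Router -> Firewall -> Server chain: an immediate refusal means a RST came back, so the packet reached a host (or a NAT forward landed on a port) where nothing is listening; a timeout means nothing came back at all, which is what a dropped packet or a forward that points at the wrong address looks like. The probe below is an added example, not code from the thread; the loopback listener it uses is a constructed stand-in for the server so it runs without any real router.

```python
"""Classify a TCP port from a given vantage point as open, closed or filtered.

Added example, not from the original post. probe_tcp() is the reusable part;
start_local_listener() and free_closed_port() are constructed fixtures so the
example runs offline against the loopback interface.
"""
import socket
import threading

def probe_tcp(host, port, timeout=3.0):
    """'open' if the handshake completes, 'closed' on RST (connection refused),
    'filtered' if nothing answers within the timeout (dropped or mis-forwarded)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()

def probe_ports(host, ports, timeout=3.0):
    """Verdict per port, e.g. {1935: 'filtered'} for the RV220W case above."""
    return {p: probe_tcp(host, p, timeout) for p in ports}

def start_local_listener():
    """Constructed fixture: a loopback TCP listener on an ephemeral port that
    accepts and immediately closes connections, standing in for 'the server'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener closed, stop the thread
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def free_closed_port():
    """Constructed fixture: a loopback port with nothing listening on it
    (bind to an ephemeral port, read the number, release it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    srv, open_port = start_local_listener()
    print("listening port:", probe_tcp("127.0.0.1", open_port))
    print("closed port:   ", probe_tcp("127.0.0.1", free_closed_port()))
    srv.close()
```

Read the verdicts hop by hop: 'closed' from the internet against the router's WAN IP means the router is reachable and the forward either is not applied or lands on a port with no service behind it; 'filtered' means the traffic is being dropped (a firewall rule, or a forward to a host that does not exist); 'open' at the firewall but not at the router narrows the problem to the router's rule.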
I have two 2811 routers with open ports that I am told to close.
Both routers are running the same IOS version.
flash:c2800nm-advipservicesk9-mz.124-25d.bin.
These are Internet-facing routers and thus we do not run IPv6 on these routers (yet).
My question:
Is there a way to disable the three IPv6 listening ports?
1. Port 161 and 162 should only be open for our IPv4 SNMP server(s).
2. Port 64963 is unknown
3. Port 49402 is unknown
Thanks
Frank
REMOTE-HD# sh ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 172.16.21.10 2887 0 0 11 0
17 10.8.1.251 54120 172.16.21.10 161 0 0 1001 0
17 --listen-- 172.16.21.10 162 0 0 1011 0
17 --listen-- 172.16.21.10 59393 0 0 1011 0
17(v6) --listen-- --any-- 161 0 0 20001 0
17(v6) --listen-- --any-- 162 0 0 20011 0
17(v6) --listen-- --any-- 64963 0 0 20011 0
17 --listen-- 172.16.21.10 123 0 0 1 0
17 --listen-- 172.16.21.10 500 0 0 11 0
17 --listen-- 172.16.21.10 4500 0 0 11 0
17 10.8.1.9 514 172.16.21.10 51074 0 0 200 0
HQ_HD#sh ip sock
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 172.16.0.8 2887 0 0 11 0
17 10.8.1.11 59506 10.10.0.8 161 0 0 1001 0
17 --listen-- 172.16.0.8 162 0 0 1011 0
17 --listen-- 172.16.0.8 64265 0 0 1011 0
17(v6) --listen-- --any-- 161 0 0 20001 0
17(v6) --listen-- --any-- 162 0 0 20011 0
17(v6) --listen-- --any-- 49402 0 0 20011 0
17 --listen-- 172.16.0.8 123 0 0 1 0
17 --listen-- 172.16.0.8 500 0 0 11 0
17 --listen-- 172.16.0.8 4500 0 0 11 0
17 10.8.1.9 514 172.16.0.8 56794 0 0 200 0
Here is the complete config; passwords and IP addresses etc. removed,
NO reference to IPv6 anywhere.
HQ_HD#sh ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 172.16.0.8 2887 0 0 11 0
17 10.8.1.11 59503 10.10.0.8 161 0 0 1001 0
17 --listen-- 172.16.0.8 162 0 0 1011 0
17 --listen-- 172.16.0.8 64265 0 0 1011 0
17(v6) --listen-- --any-- 161 0 0 20001 0
17(v6) --listen-- --any-- 162 0 0 20011 0
17(v6) --listen-- --any-- 49402 0 0 20011 0
17 --listen-- 172.16.0.8 123 0 0 1 0
17 --listen-- 172.16.0.8 500 0 0 11 0
17 --listen-- 172.16.0.8 4500 0 0 11 0
17 10.8.1.9 514 172.16.0.8 56794 0 0 200 0
HQ_HD#term leng 0
HQ_HD#sh run
Building configuration...
Current configuration : 5464 bytes
! Last configuration change at 14:12:54 EST Wed Feb 1 2012 by XXXXXXXXXXXXXXXX
! NVRAM config last updated at 14:12:56 EST Wed Feb 1 2012 by XXXXXXXXXXXXXXXX
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname HQ_HD
boot-start-marker
boot system flash:c2800nm-advipservicesk9-mz.124-25d.bin
boot system flash:c2800nm-advipservicesk9-mz.124-25b.bin
boot-end-marker
logging buffered 4096 debugging
enable secret --removed--
aaa new-model
aaa group server tacacs+ group1
server --removed--
aaa authentication login default group group1 local line
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group group1
aaa accounting commands 1 default stop-only group group1
aaa accounting commands 15 default stop-only group group1
aaa accounting connection default start-stop group group1
aaa accounting system default start-stop group group1
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
ip cef
no ip bootp server
no ip domain lookup
ip domain name --removed--
ip name-server --removed--
ip name-server --removed--
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
voice-card 0
no dspfarm
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 90
ip ssh authentication-retries 2
ip ssh source-interface Loopback0
ip ssh version 2
crypto isakmp policy 10
encr --gone--
hash --gone--
authentication --gone--
group --removed--
crypto isakmp key --gone-- address --gone--
crypto isakmp keepalive xxxxx
crypto ipsec transform-set stronger --removed-- esp-sha-hmac
crypto map vpn 20 ipsec-isakmp
set peer --removed--
set transform-set stronger
match address 110
interface Loopback0
ip address 172.16.0.8 255.255.255.255
interface FastEthernet0/0
ip address removed--
interface FastEthernet0/1
ip address --removed--
ip access-group 100 in
ip tcp adjust-mss 1460
load-interval 30
crypto map vpn
hold-queue 100 out
ip forward-protocol nd
ip route --gone--
no ip http server
no ip http secure-server
logging history informational
logging facility syslog
logging source-interface Loopback0
logging --removed--
access-list 1 remark VTY and SNMP and ssh
access-list 1 permit --removed--
access-list 1 permit --removed--
access-list 1 deny any log
access-list 100 permit esp --removed--
access-list 100 permit udp --removed--
access-list 110 permit ip --removed--
access-list 110 permit ip --removed--
snmp-server engineID --removed--
snmp-server community --removed--
snmp-server community --removed--
snmp-server enable --removed--
tacacs-server host --removed-- key --gone--
tacacs-server directed-request
control-plane
scheduler allocate 20000 1000
ntp clock-period 17208029
ntp server --gone--
ntp server --gone--
ntp server --gone--
end
HQ_HD#sh run | i v6
...blank
HQ_HD#sh run | i V6
...blank
Thanks for helping
Frank -
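An added example, not from Frank's post, that parses the `sh ip sockets` tables above and turns the audit question into a checklist. The "17(v6)" rows are the IPv6 UDP sockets; the script lists them separately, labels the listeners the running config accounts for (snmp-server, ntp server, crypto isakmp with NAT-T, and the logging host the router talks to), and prints the rest as unexplained. The port labels are the standard assignments for those services, not something the thread states, and the script does not try to say why the v6 sockets exist on a box with no ipv6 configuration; it only makes them visible so they can be raised with the vendor or covered by an ACL.

```python
"""Audit Cisco IOS 'show ip sockets' output for listeners that need attention.

Added example, not from the original post. Sample input is the REMOTE-HD table
pasted above. Port labels are standard assignments (SNMP, NTP, IKE, syslog).
"""

# 'show ip sockets' output copied from the REMOTE-HD post above.
SAMPLE = """\
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 172.16.21.10 2887 0 0 11 0
17 10.8.1.251 54120 172.16.21.10 161 0 0 1001 0
17 --listen-- 172.16.21.10 162 0 0 1011 0
17 --listen-- 172.16.21.10 59393 0 0 1011 0
17(v6) --listen-- --any-- 161 0 0 20001 0
17(v6) --listen-- --any-- 162 0 0 20011 0
17(v6) --listen-- --any-- 64963 0 0 20011 0
17 --listen-- 172.16.21.10 123 0 0 1 0
17 --listen-- 172.16.21.10 500 0 0 11 0
17 --listen-- 172.16.21.10 4500 0 0 11 0
17 10.8.1.9 514 172.16.21.10 51074 0 0 200 0
"""

# UDP services the posted running config accounts for (snmp-server, ntp server,
# crypto isakmp/ipsec, logging host). Standard port assignments.
KNOWN_UDP = {
    123: "NTP", 161: "SNMP", 162: "SNMP trap",
    500: "ISAKMP/IKE", 4500: "IPsec NAT-T", 514: "syslog",
}

def parse_ip_sockets(text):
    """One dict per socket row; 'remote' is None for --listen-- entries.
    Listening rows have one field fewer (no remote port), so the columns shift."""
    rows = []
    for line in text.splitlines():
        t = line.split()
        if not t or not t[0][0].isdigit():      # skip the header and blank lines
            continue
        proto = int(t[0].split("(")[0])
        family = "v6" if "(v6)" in t[0] else "v4"
        if t[1] == "--listen--":
            remote, rport, local, lport = None, None, t[2], int(t[3])
        else:
            remote, rport, local, lport = t[1], int(t[2]), t[3], int(t[4])
        rows.append({"proto": proto, "family": family, "remote": remote,
                     "rport": rport, "local": local, "lport": lport})
    return rows

def listeners(rows):
    """(family, bound address, port) for every listening socket."""
    return [(r["family"], r["local"], r["lport"]) for r in rows if r["remote"] is None]

def v6_listeners(rows):
    """Ports bound on IPv6 ('--any--' here, i.e. every address)."""
    return sorted(r["lport"] for r in rows
                  if r["remote"] is None and r["family"] == "v6")

def unexplained_listeners(rows, known=KNOWN_UDP):
    """Listening ports the config does not account for, as (family, port)."""
    return sorted((r["family"], r["lport"]) for r in rows
                  if r["remote"] is None and r["lport"] not in known)

def inbound_clients(rows, known=KNOWN_UDP):
    """Remote hosts currently talking to a known service port on the router."""
    return [(r["remote"], r["lport"], known[r["lport"]]) for r in rows
            if r["remote"] is not None and r["lport"] in known]

def outbound_services(rows, known=KNOWN_UDP):
    """Services the router itself is sending to from an ephemeral local port."""
    return [(r["remote"], r["rport"], known.get(r["rport"], "unknown")) for r in rows
            if r["remote"] is not None and r["lport"] not in known]

if __name__ == "__main__":
    rows = parse_ip_sockets(SAMPLE)
    print("IPv6 listeners:   ", v6_listeners(rows))
    print("unexplained:      ", unexplained_listeners(rows))
    print("inbound clients:  ", inbound_clients(rows))
    print("outbound services:", outbound_services(rows))
```

On the pasted table this reports 2887 and 59393 (IPv4) and 64963 (IPv6) as unexplained, 161/162 as bound on both families, the SNMP poller at 10.8.1.251 as the only inbound client, and the syslog collector 10.8.1.9:514 as the only outbound service. Comparing two captures taken some time apart also shows whether the high-numbered listeners keep their port numbers, which is a useful hint about whether they are fixed services or ephemeral sockets.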
I've detected 4 open network ports on my Oracle 8.05 EE
without a configured MTS or listener.
Why??
Older releases (7.3.4 on other platforms) don't have this
"problem".
Any hints are welcome.
So long
Christian
-
Open TCP Port: 3839 amx-rms
Port scan on localhost shows the above subject. What is it? Do I need this? If not, how do I get rid of it?
-
What TCP or UDP ports do I need to open on my router firewall to allow server-to-server administration running Mavericks and Server app 3.0?
Also you may want to open tcp port 625 so that you can update the server's OD master.
More info can be found here: http://support.apple.com/kb/ts1629 Well known TCP/UDP ports used by Apple Products.
HTH
- Leland -
HT2463 AirPlay icon disappears after a few seconds of opening ports in router settings.
The AirPlay icon no longer consistently appears on my iMac or my iPad. Apple TV is 3rd gen, iPad is 4th gen, iMac is latest (2012); the router being used is a Linksys (Cisco) E3000. Opened TCP ports 123, 3689, and UDP 5353, and after saving the router settings, the AirPlay icon appeared on the iPad but disappeared again after less than a minute. The AirPlay icon also appeared on my iMac, and when I clicked, the rainbow wheel appeared and after less than a minute the AirPlay icon vanished again. I have performed restores of the Apple TV both by using the iMac with a micro USB and also did a restore while connected to the television. Any other suggestions before I take it into the local Apple store? Thanks.
I set an appointment at the local Apple store Genius Bar. The tech helped walk through and eliminate possible variables until we agreed it must be a problem with my router. BTW, the tech hooked up my Apple TV at the store and it worked perfectly using the Apple store network. I went home and restored my router to the factory default (like out of the box when it was new) and re-set it up. Since I finished, my Apple TV has been displaying the AirPlay icon flawlessly. Hopeful it will continue, but resetting one's router to factory defaults may fix your problem if you are experiencing the same issue when the AirPlay icon goes missing.
-
Hi everyone!
Some time ago I noticed that our ASR 1001 has open TCP port 21; however, I couldn't find any service on it that is linked with FTP. When I execute telnet ip_asr 21, I receive RST,ACK from the ASR. That's OK, but I want to disable this port. Has anybody run into this? And how can I look at open and listening ports on IOS XE?
Thanks in advance.
-
How to open a port on firewall
I have a RV110W firewall installed. Now behind this firewall there is a server running. I need to access this server from outside of the store through a specific TCP port.
Physical connection from outside to the server is like this.
Outside -> Router -> Firewall -> Server
Router IP: 192.168.1.1
Firewall WAN IP: 192.168.1.5
Firewall LAN IP: 192.168.2.1
Firewall Gateway IP: 192.168.1.1
Server IP: 192.168.2.10
The firewall is in gateway mode.
Now I forwarded a TCP port on router to firewall (192.168.1.5) and on the firewall i forwarded the same port to server (192.168.2.10).
On the server system, i opened the port on windows firewall for inbound.
Is there anything I am missing?
-
Open UDP Ports on AirPort Extreme
I need to open a few UDP Ports on my new AirPort Extreme so that the software that is running on my network can access the internet over those ports and the software can be accessed from the internet as well. I can find in the AirPort Extreme manual how to open TCP ports but not UDP. I have the list of ports I need to open, but can't find where to configure them in the router firmware.
I would like help on where to configure these ports. Thank you.
If you are using the AirPort Utility on the AirPort Extreme N Base Station, the port mapping screen should look like what you see on page 56 of the manual "Designing AirPort Networks" found at:
http://manuals.info.apple.com/en/DesigningAirPort_Networks_Using_AirPortUtility.pdf
...and it clearly shows how/where to specify UDP and TCP ports. -
I want open the ports and allow the telnet port also
Dear sir
dis is my router configurations
router#show running-config
Building configuration...
Current configuration : 1588 bytes
! Last configuration change at 06:58:58 UTC Tue Apr 8 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname INFOVEE
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip name-server 182.xx.xx.xx
ip name-server 182.xx.xx.xx
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9 sn FGL172820EP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 103.xx.xx.xx 255.255.xx.xx
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source static 10.0.0.10 103.xx.xx.xx
ip nat inside source static 10.0.0.11 103.xx.xx.xx
ip nat inside source static 10.0.0.12 103.xx.xx.xx
ip nat inside source static 10.0.0.14 103.xx.xx.xx
ip nat inside source static 10.0.0.15 103.xx.xx.xx
ip nat inside source static 10.0.0.16 103.xx.xx.xx
ip nat inside source static 10.0.0.9 103.xx.xx.xx
ip route 0.0.0.0 0.0.0.0 103.xx.xx.xx
control-plane
line con 0
password 12345
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 1235
login
transport input all
scheduler allocate 20000 1000
end
We have a server only. We want to allow particular ports to my server. How do I open the ports in the router? Please help me. If there are any configuration mistakes, please help me.
Thank you
I'd advise you to download and use Cisco Configuration Professional (CCP) if you want to secure your router and set up some access-lists for your servers.
Right now your setup is very insecure (no authentication beyond a simple plain text password on the vty lines). CCP has a security audit feature that will remedy that and other issues.
For your servers, you will need an extended access-list applied to your outside interface Gi0/1 restricting access to the NATted server addresses on the ports you want to allow. -
Hi:
I have a question. As we know, scanning TCP ports is a lot easier than UDP ports because active UDP ports don't respond, and there are other reasons as well.
    try {
        // connect() completes only against a TCP listener; a UDP service never answers it
        Socket soc = new Socket(address, portnumber);
        soc.close();
    } catch (Throwable e) {
        System.out.println(e);
    }
Look at the code above: it can only tell you the active TCP ports, for the Throwable e tells you nothing about UDP ports. An active UDP port doesn't respond to the connection call "soc". Therefore it will throw an exception (connection refused) after trying to connect to an active UDP port. This exception is just like those of closed TCP ports.
What I am saying is that active UDP ports will be treated the same as closed TCP ports. They are hidden among the closed TCP ports. How do I sift them out? Any solutions?
I am basically trying to determine how many UDP and TCP ports on a machine are open. Open TCP ports are easy to see. But UDP ports are tricky. Can you please tell me more in detail using a datagram socket?
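An added example for the question above, written in Python rather than the Java of the post and not code from the thread. A datagram socket gives you three observable outcomes per port, not two: a reply means the service is there and answered the probe payload; an ICMP port-unreachable from the target (which the kernel reports as a connection-refused error on a *connected* UDP socket) means nothing is bound there; silence means either a service that ignores unsolicited data or a firewall that dropped the probe, which is why scanners report that case as open|filtered. The loopback echo and silent listeners are constructed fixtures so the example runs offline; on a real target most services only answer a protocol-specific payload, so the single null byte here mostly exercises the closed-versus-silent distinction.

```python
"""Probe UDP ports and tell open, closed and open|filtered apart.

Added example, not from the original post. probe_udp()/udp_scan() are the
reusable part; the start_udp_* helpers and free_udp_port() are constructed
loopback fixtures so the example runs offline.
"""
import socket
import threading

def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """'open' on any reply, 'closed' on ICMP port unreachable, else 'open|filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))   # connected UDP socket: ICMP errors are delivered to it
        s.send(payload)
        s.recv(1024)
        return "open"
    except (ConnectionRefusedError, ConnectionResetError):
        return "closed"           # ICMP port unreachable came back (Windows reports reset)
    except socket.timeout:
        return "open|filtered"    # no datagram and no ICMP error within the timeout
    finally:
        s.close()

def udp_scan(host, ports, payload=b"\x00", timeout=1.0):
    """Verdict per port. Ports that a TCP connect() test reports as closed can
    still come back 'open' or 'open|filtered' here."""
    return {p: probe_udp(host, p, payload, timeout) for p in ports}

def start_udp_echo():
    """Constructed fixture: a loopback UDP service that echoes what it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def loop():
        while True:
            try:
                data, peer = srv.recvfrom(1024)
            except OSError:       # socket closed, stop the thread
                return
            srv.sendto(data, peer)

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def start_udp_silent():
    """Constructed fixture: a bound loopback UDP socket that never answers
    (what a service that ignores the probe payload looks like)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    return srv, srv.getsockname()[1]

def free_udp_port():
    """Constructed fixture: a loopback UDP port with nothing bound to it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    echo, echo_port = start_udp_echo()
    silent, silent_port = start_udp_silent()
    ports = [echo_port, silent_port, free_udp_port()]
    for port, verdict in udp_scan("127.0.0.1", ports, timeout=0.5).items():
        print(f"udp/{port}: {verdict}")
    echo.close()
    silent.close()
```

Two caveats when this is pointed at a real host: many hosts rate-limit ICMP unreachables, so a fast scan sees mostly 'open|filtered' for ports that are really closed (slow down or retry those), and the 'closed' verdict depends on the probing OS surfacing the ICMP error to the socket, which Linux, macOS and Windows all do for connected UDP sockets.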