This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Port Scanner shows a wide range of ports blocked which the customer requires to be open for scanning.

Port Scanner shows a wide range of ports blocked which the customer requires to be open for scanning.

KG1790
New Contributor

ā€Ž08-24-2020 09:11 AM

No ACL has been configured but a lot of the ports have been scanned and are found to be blocked. See excerpt below.

I believe if you dont configure any ACL, all ports should be open by default. Is there any relevant documentation that lists all the ports being blocked by default?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 80, 111, 135, 443.
Listed below are the ports filtered by the firewall.
No response has been received when any of these ports are probed.
1,6,8-11,13-14,27,30-31,33,38-39,41,43-44,46-47,52,54-55,61,64,68,72,
76-77,79-81,83,88,94,97,101,104,106,113-114,117,120-122,124,127-128,131,
135,137,139,143-144,146,149-151,159,161,171-173,176,178-179,181-182,184-185,
187,193,196,200,202,204,206-207,217,225,228-229,233-234,244,246,253-256,
260,262,264,266,272-273,278,293,297-298,305,307-310,313,315,317-318,320-322,
332,334,339,342,344,346,348,352-353,356,359,362,366,369,374,377,380,385-386,
391-392,394-396,401-402,406,410,412,416-417,426-427,431,434,442,454,456,
458-459,463,465-467,470,474-475,480,483-484,486,488,490-492,495-496,498,
504,506-509,511,515,517-518,522,528,531-532,534-536,538,540, and more.
 

0 Kudos
6 REPLIES 6

Stefan_K_
Valued Contributor

ā€Ž08-27-2020 08:36 AM

Sorry, I still donā€™t really understand the problem.

What did the customer scan?

Did he do a port-scan on the mgmt IP-address of the switch? I would suspect that most ports are blocked then and only some are opened (e.g. telnet (if enabled), ssh (if enabled) and so on)

Did he do a port-scan on a system (e.g. Server) that connects to the switch?

Did he do a port-scan on a system in the internet?

This is the big question: From where to where was the port-scan executed?

0 Kudos

davidj_cogliane
Contributor

ā€Ž08-24-2020 04:14 PM

I have never seen a X670-G2 block port 23 or 22 which we use all the time for telnet and ssh.

With that being said, are you only able to access the switches via the local console connection?

0 Kudos

KG1790
New Contributor

ā€Ž08-24-2020 03:42 PM

Switches are X670G2 with FW 22.6.1.4. We also have X460G2 which are 1G switches but for some reason they didnā€™t detect any blocked ports for these.

0 Kudos

davidj_cogliane
Contributor

ā€Ž08-24-2020 03:05 PM

What kind of switches are we talking about and what firmware are they running?

0 Kudos
GTM-P2G8KFN