
Port Scanner shows a wide range of ports blocked which the customer requires to be open for scanning.

KG1790
New Contributor

No ACL has been configured but a lot of the ports have been scanned and are found to be blocked. See excerpt below.

I believe if you don't configure any ACL, all ports should be open by default. Is there any relevant documentation that lists all the ports being blocked by default?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 80, 111, 135, 443.
Listed below are the ports filtered by the firewall.
No response has been received when any of these ports are probed.

6 REPLIES 6

Stefan_K_
Valued Contributor

Sorry, I still don’t really understand the problem.

What did the customer scan?

Did he do a port-scan on the mgmt IP-address of the switch? I would suspect that most ports are blocked then and only some are opened (e.g. telnet (if enabled), ssh (if enabled) and so on).

Did he do a port-scan on a system (e.g. Server) that connects to the switch?

Did he do a port-scan on a system on the internet?

This is the big question: From where to where was the port-scan executed?

davidj_cogliane
Contributor

I have never seen an X670-G2 block port 23 or 22, which we use all the time for telnet and ssh.

With that being said, are you only able to access the switches via the local console connection?

KG1790
New Contributor

Switches are X670G2 with FW 22.6.1.4. We also have X460G2 which are 1G switches but for some reason they didn’t detect any blocked ports for these.

davidj_cogliane
Contributor

What kind of switches are we talking about and what firmware are they running?
