Disable ports

Solved
PasTro
Comes here often


Hi,

Question from my PCI guy.

Is it possible to close ports 53, 179, 8090, 8181, 123 and 161 from the LAN on an MX67?

The PCI guy did a LAN-side Nmap test and those ports were open.

Thanks,

Pascal

1 Accepted Solution
Kamome
Building a reputation

Also, 123 is for NTP, and 161 is for SNMP.
If you don't use SNMP, you can disable it. But you need to keep NTP open so that the MX can keep correct time.

4 Replies
ww
Kind of a big deal

Some ports are used for things like local status page, splash page, content filter block message etc. You can disable those features. Some ports will still be open. But I guess you can not abuse them unless you prove otherwise 😉

You have clients directly connected to your MX?

PhilipDAth
Kind of a big deal

Port 53 is used for DNS resolution, so you may not want to close that one.

179 is used for BGP. It's closed on our MX (so you can't connect to it) but it responds to a SYN scan.

8090 and 8081 are open on our MX as well. I have no idea what they are used for.

Interestingly enough your scan doesn't show port 80, so I'm guessing you have the local status page disabled.
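
An added example, not part of any post in this thread: a small triage script for Nmap grepable (`-oG`) output that separates ports with a listener ("open") from ports that merely answer the probe ("closed") and from inconclusive results, and attaches the port roles the repliers gave. The sample scan line and the address 192.0.2.1 are constructed, and the notes table reflects only what was said in this thread.

```python
import re

# Port roles as stated by repliers in this thread (not vendor documentation).
THREAD_NOTES = {
    53: "DNS resolution; may be needed",
    123: "NTP; MX needs it to keep correct time",
    161: "SNMP; disable if unused",
    179: "BGP",
}

# Constructed sample line in Nmap grepable format, not the poster's real scan.
SAMPLE = ("Host: 192.0.2.1 ()\tPorts: 53/open/tcp//domain///, "
          "179/closed/tcp//bgp///, 8090/open/tcp//unknown///, "
          "123/open|filtered/udp//ntp///, 161/open/udp//snmp///"
          "\tIgnored State: filtered (995)")


def parse_grepable(line):
    """Return [(port, state, proto)] from one 'Host: ... Ports: ...' line."""
    m = re.search(r"Ports: (.*?)(?:\t|$)", line)
    if not m:
        return []
    ports = []
    for entry in m.group(1).split(","):
        # Each entry is port/state/protocol/owner/service/rpcinfo/version/
        fields = entry.strip().split("/")
        if len(fields) >= 3 and fields[0].isdigit():
            ports.append((int(fields[0]), fields[1], fields[2]))
    return ports


def triage(line):
    """Map (port, proto) -> (verdict, note) for an audit write-up."""
    report = {}
    for port, state, proto in parse_grepable(line):
        if state == "open":
            verdict = "listening"                    # a service accepted the probe
        elif state == "closed":
            verdict = "answers probe, no listener"   # reachable, nothing to connect to
        else:
            verdict = "inconclusive"                 # filtered, open|filtered, etc.
        note = THREAD_NOTES.get(port, "purpose not identified in thread")
        report[(port, proto)] = (verdict, note)
    return report


if __name__ == "__main__":
    for key, value in sorted(triage(SAMPLE).items()):
        print(key, value)
```
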

PasTro
Comes here often

Thank you guys for your answers.
