Cisco confirmed to me off-list that this is only an internal-usage socket which is not exposed. Official information from them should follow.
And before applying any iACL, check your netflow. You should not apply a trivial iACL on your upstream, but you should be able to deny only src=any, dst=yournetwork, proto=tcp, tcpflag=SYN; otherwise you might block valid communication between your clients (port 6154 could have been randomly selected by any TCP/IP stack to open a socket).

On 08.05.2018 12:04, Chris Jones wrote:
>> On 8 May 2018, at 12:20 am, Roland Dobbins <[email protected]> wrote:
>>
>>
>> On 7 May 2018, at 20:04, James Bensley wrote:
>>
>>> Have you opened a TAC case?
>> Yes - that's how I'd go about it. If I couldn't take the gear in question
>> out of service, I'd iACL it in the meantime (should be done, anyways).
>>
> For the super paranoid, I’d suggest probably ACLing it upstream (whatever’s
> causing it to listen may well selectively ignore an ACL, too…)
>
> </tin-foil-hat>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
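
The netflow check suggested above, as an added example that is not part of the original message: it pairs each inbound TCP flow to port 6154 with its reverse flow and uses the earlier start time to tell connections opened from outside (which a SYN-only deny would drop) from return traffic to an inside client that happened to pick 6154 as its source port. The record layout, the `INSIDE` prefix and all addresses are constructed, and the filter is assumed to match only the initial SYN (SYN set, ACK clear).

```python
from ipaddress import ip_address, ip_network

PORT = 6154
INSIDE = ip_network("198.51.100.0/24")  # assumption: stands in for "yournetwork"

# Constructed unidirectional flow records:
# (start_time, src, sport, dst, dport, ip_proto)
FLOWS = [
    # Inside client picked 6154 as its ephemeral port towards an outside server.
    (100.00, "198.51.100.10", 6154, "203.0.113.5", 443, 6),
    (100.02, "203.0.113.5", 443, "198.51.100.10", 6154, 6),
    # Outside host opens a connection to 6154 on an inside device, which answers.
    (200.00, "203.0.113.77", 51000, "198.51.100.1", 6154, 6),
    (200.01, "198.51.100.1", 6154, "203.0.113.77", 51000, 6),
    # Outside probe to 6154 that got no answer.
    (300.00, "203.0.113.99", 40000, "198.51.100.2", 6154, 6),
    # UDP to the same port number: not covered by a proto=tcp filter.
    (400.00, "203.0.113.99", 40000, "198.51.100.2", 6154, 17),
]

def is_inside(addr):
    return ip_address(addr) in INSIDE

def classify(flows, port=PORT):
    """Sort inbound TCP flows to `port` by which side opened the connection."""
    starts = {}
    for t, src, sport, dst, dport, proto in flows:
        if proto == 6:  # TCP only
            key = (src, sport, dst, dport)
            starts[key] = min(t, starts.get(key, t))
    result = {"would_block": [], "unaffected": []}
    for (src, sport, dst, dport), t in starts.items():
        # Only flows arriving from outside towards an inside address on `port`.
        if dport != port or is_inside(src) or not is_inside(dst):
            continue
        reverse_start = starts.get((dst, dport, src, sport))
        if reverse_start is not None and reverse_start < t:
            # Inside host sent the first packet (the SYN); what comes back is
            # SYN-ACK/ACK traffic, which a SYN-only deny does not match.
            result["unaffected"].append((src, dst))
        else:
            # Outside host sent the first packet: this is the SYN being denied.
            result["would_block"].append((src, dst))
    return result

if __name__ == "__main__":
    for verdict, pairs in classify(FLOWS).items():
        print(verdict, pairs)
```

Start times are only comparable when both directions are exported by the same device or by devices with synchronized clocks.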
