Yes, that's true from Cisco docs. However, running nmap against a 25xx 11.2.16 IOS
returned the following:
# Log of: ./nmap -sF -F -O -o dag.txt 1.1.1.1
Insufficient responses for TCP sequencing (0), OS detection will be MUCH less reliable
Interesting ports on (1.1.1.1):
(Not showing ports in state: filtered)
Port State Protocol Service
77 open tcp priv-rje
101 open tcp hostname
121 open tcp erpc
144 open tcp news
361 open tcp semantix
401 open tcp ups
472 open tcp ljk-login
526 open tcp tempo
762 open tcp quotad
1368 open tcp screencast
1373 open tcp chromagrafx
1441 open tcp cadis-1
1461 open tcp ibm_wrless_lan
2030 open tcp device2
5530 open tcp sdserv
5540 open tcp sdreport
6110 open tcp softcm
Remote operating system guess: AIX 4.2
This router had those commands enabled and, after they were disabled, all of these
disappeared. Well, maybe this result is a false positive (there's a bunch of weird
services, not usually expected on a router). The appearance of protocol type 77 above
is what drew my attention to this.
Looking again at the original message, an ICMP type 5 is a redirect message,
so - another guess :-) - it's possible that the router isn't generating rje packets,
but trying to tell the server and firewall to redirect the packets to another route.
The best thing to do is to determine exactly who is generating this rje traffic, and
to whom it's destined, fixing the routes.
A good non-solution is to filter out these packets on the router, without logging
them.
Forgive me if I was too fast on the first reply but anyway, disabling all
unnecessary services on the router is always a good thing to do.
Regards,
Luciano A. C. Mello
----- Original Message -----
From: Joe Dauncey [SMTP:[EMAIL PROTECTED]]
Sent: Monday, October 25, 1999 9:24
To: Luciano Augusto da Cunha Mello; '[EMAIL PROTECTED]'
Subject: Re: rje protocol
These two commands will only disable chargen, discard, daytime and echo on
Cisco routers, at least in my experience.
Cheers,
Joe
----- Original Message -----
From: Luciano Augusto da Cunha Mello <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Sent: Friday, October 22, 1999 11:48 AM
Subject: RES: rje protocol
>
>
> Try using these commands on the Cisco, on the global configuration mode:
>
> router(config)# no service tcp-small-servers
> router(config)# no service udp-small-servers
>
> These commands disable many (usually) unnecessary services that run on IOS.
> Take a look at: http://www.cisco.com/warp/public/707/21.html for more
> information on securing a Cisco router.
>
> Regards,
>
> [Luciano Augusto da Cunha Mello]
> ------------------------------
>
> Date: Thu, 21 Oct 1999 17:14:21 -0400 (EDT)
> From: Rich Schaller <[EMAIL PROTECTED]>
> Subject: rje protocol
>
> Can anyone tell me what this protocol is used for? I'm seeing heavy
> traffic for one of our clients on ICMP port 5 originating from a Cisco
> router destined for their firewall and one of their servers behind the
> firewall. All packets are being blocked, but it's eating up their logs.
> Any ideas? Are there services enabled on the Cisco that need the rje
> protocol?
>
> Thanks,
> Rich Schaller
>
> - -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> ------------------------------
>
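An added example, not part of the original thread: a small audit of a saved IOS configuration for the two small-server commands discussed above (the IOS keywords are `service tcp-small-servers` and `service udp-small-servers`). It accounts for the version-dependent default, since on IOS 11.2 and earlier the servers are on unless explicitly disabled, so an enabled service leaves no line in the config. The function names and sample configs are constructed for illustration.

```python
import re

# Listening ports behind each IOS small-server command.
SMALL_SERVER_PORTS = {
    "tcp-small-servers": {7: "echo", 9: "discard", 13: "daytime", 19: "chargen"},
    "udp-small-servers": {7: "echo", 9: "discard", 19: "chargen"},
}

def ios_version(config):
    """Return (major, minor) from the 'version X.Y' line, or None if absent."""
    m = re.search(r"^version\s+(\d+)\.(\d+)", config, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit_small_servers(config):
    """Map each small-server command to its effective state in this config."""
    version = ios_version(config)
    # Enabled by default up to IOS 11.2, disabled by default from 11.3 on.
    # With no version line, assume enabled so the gap is reported, not hidden.
    default_on = version is None or version <= (11, 2)
    report = {}
    for svc, ports in SMALL_SERVER_PORTS.items():
        enabled, source = default_on, "default"
        pattern = re.compile(r"(no\s+)?service\s+" + re.escape(svc) + r"(\s.*)?")
        for line in config.splitlines():
            m = pattern.fullmatch(line.strip())
            if m:  # the last matching line wins, as when the config is replayed
                enabled, source = m.group(1) is None, "explicit"
        report[svc] = {"enabled": enabled, "source": source,
                       "ports": sorted(ports) if enabled else []}
    return report

def exposed(config):
    """Names of the small-server groups still listening."""
    return sorted(s for s, r in audit_small_servers(config).items() if r["enabled"])

# Constructed sample configs (not taken from the thread).
LEGACY_DEFAULTS = "version 11.2\nhostname r1\nno service udp-small-servers\n"
HARDENED = LEGACY_DEFAULTS + "no service tcp-small-servers\n"
MODERN_REENABLED = "version 12.0\nhostname r2\nservice tcp-small-servers\n"

if __name__ == "__main__":
    for name, cfg in [("legacy", LEGACY_DEFAULTS), ("hardened", HARDENED),
                      ("modern", MODERN_REENABLED)]:
        print(name, exposed(cfg) or "small servers off")
```
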