hi,
thank you Dario for your input and response from Cisco PSIRT - very
useful and welcome.
alan
NANOG mailing list subscribers:
Hi there. My name is Dario Ciccarone and I work as an Incident
Manager on the Cisco PSIRT. The Cisco Product Security Incident Response
Team (PSIRT) is responsible for responding to Cisco product security
incidents. The Cisco PSIRT is a dedicated, global team
to another
engineer.
-Original Message-
From: NANOG <nanog-boun...@nanog.org> On Behalf Of
frederic.jut...@sig-telecom.net
Sent: Monday, May 7, 2018 10:45 AM
To: Jay Farrell <jay...@jayfar.com>; nanog@nanog.org
Subject: Re: Catalyst 4500 listening on TCP 6154 on all interfa
On May 7, 2018, at 2:58 PM, Jay Farrell via NANOG wrote:
> I saw that list, but understood the numbers there to be IDS signature
> numbers, rather than port numbers. Am I misreading something?
No, you are correct.
As Niels Bakker pointed out that is a
I saw that list, but understood the numbers there to be IDS signature
numbers, rather than port numbers. Am I misreading something?
On Mon, May 7, 2018 at 12:24 PM, Curtis, Bruce
wrote:
> Some Cisco devices use 6154 for ypxfrd.
>
>
> 6154 ypxfrd Portmap Request (Info,
reading this - just wondering, do you use the SmartCall home service? I
wonder if that's what is using this.
try this:
no service smart-call-home and see if that disables it...
just a thought
On Thu, May 3, 2018 at 12:51 AM, frederic.jut...@sig-telecom.net <
I've been told that the TAC center will not take the time to answer as
it's not a 'real' problem, service-affecting issue.
And the Cisco community forum on that topic was useless (nobody answered
a person who had already opened a topic about this issue 10 months ago).
But you are the 4th person to
* bruce.cur...@ndsu.edu (Curtis, Bruce) [Mon 07 May 2018, 18:25 CEST]:
> Some Cisco devices use 6154 for ypxfrd.
No, they don't.
> 6154 ypxfrd Portmap Request (Info, Atomic*)
> Triggers when a request is made to the portmapper for the YP transfer daemon
> (ypxfrd) port.
Some Cisco devices use 6154 for ypxfrd.
6154 ypxfrd Portmap Request (Info, Atomic*)
Triggers when a request is made to the portmapper for the YP transfer daemon
(ypxfrd) port.
https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfids.html
Just a wild thought – why not open a TAC case with Cisco and ask them?
On Mon, May 7, 2018 at 3:06 AM, frederic.jut...@sig-telecom.net <
frederic.jut...@sig-telecom.net> wrote:
> > - a nsa backdoor :-)
>
> it would be a very bad backdoor as it's really easy to see the port
> listening...
>
>
> >
> - a nsa backdoor :-)
it would be a very bad backdoor as it's really easy to see the port
listening...
> - a default active service
Maybe, but a service which is not officially registered:
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=6154
As the zero touch feature is on TCP 4786 (SMI), I vote for either:
- a nsa backdoor :-)
- a default active service
Have you tried to zeroize the config and restart then check if TCP 6154
is still on LISTEN state ?
-
Marcel
On 03.05.2018 06:51, frederic.jut...@sig-telecom.net wrote:
> Hi,
>
Hi,
We have Cat 4500 series on SUP7L-E with IOS/XE 03.06.02.E/152(2).E2
which have TCP port 6154 listening on all interfaces.
Any idea what it could be ?
#show tcp brief all
TCB Local Address Foreign Address (state)
...
5A529430 0.0.0.0.6154
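An added example, not part of the original post or of any reply in the thread: one way to audit `show tcp brief all` output for wildcard listeners such as the TCP 6154 socket reported above. The sample rows, the `EXPECTED_PORTS` allowlist and the function name are assumptions made for illustration.

```python
import re

# Constructed sample in the column layout of "show tcp brief all". Only the
# 5A529430 / 0.0.0.0.6154 values come from the post; every other row, and the
# foreign-address and state columns, are invented for this example.
SAMPLE = """\
TCB       Local Address               Foreign Address             (state)
5A52A1C8  192.0.2.10.22               192.0.2.50.51514            ESTAB
5A529E00  0.0.0.0.22                  *.*                         LISTEN
5A529430  0.0.0.0.6154                *.*                         LISTEN
"""

# Hypothetical allowlist: listeners the operator has deliberately enabled.
EXPECTED_PORTS = {22}

# IOS joins address and port with a dot, so 0.0.0.0.6154 is 0.0.0.0 port 6154.
ROW = re.compile(
    r"^(?P<tcb>[0-9A-Fa-f]+)\s+(?P<addr>\S+)\.(?P<port>\d+)"
    r"\s+(?P<foreign>\S+)\s+(?P<state>\S+)$"
)

def unexpected_listeners(output, expected_ports):
    """Return (tcb, address, port) for wildcard LISTEN sockets not in the allowlist."""
    findings = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # header, "..." elision, or a truncated row
        if m["state"].upper() != "LISTEN":
            continue  # established sessions are not listeners
        port = int(m["port"])
        # A wildcard local address means the socket accepts on every interface.
        if m["addr"] in ("0.0.0.0", "*") and port not in expected_ports:
            findings.append((m["tcb"], m["addr"], port))
    return findings

if __name__ == "__main__":
    for tcb, addr, port in unexpected_listeners(SAMPLE, EXPECTED_PORTS):
        print(f"unexpected listener: TCB {tcb} on {addr} port {port}")
```

Run against output collected from each device, this gives a baseline to compare before and after disabling a suspected service, as several replies suggest trying.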