Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-09 Thread Alan Buxey
Hi, thank you Dario for your input and response from Cisco PSIRT - very useful and welcome.
alan

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-09 Thread Dario Ciccarone
NANOG mailing list subscribers:
Hi there. My name is Dario Ciccarone and I work as an Incident Manager on the Cisco PSIRT. The Cisco Product Security Incident Response Team (PSIRT) is responsible for responding to Cisco product security incidents. The Cisco PSIRT is a dedicated, global team

RE: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-08 Thread Spaans, Joel H
to another engineer.
-Original Message-
From: NANOG <nanog-boun...@nanog.org> On Behalf Of frederic.jut...@sig-telecom.net
Sent: Monday, May 7, 2018 10:45 AM
To: Jay Farrell <jay...@jayfar.com>; nanog@nanog.org
Subject: Re: Catalyst 4500 listening on TCP 6154 on all interfa

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-08 Thread frederic.jut...@sig-telecom.net
>
> -Original Message-
> From: NANOG <nanog-boun...@nanog.org> On Behalf Of frederic.jut...@sig-telecom.net
> Sent: Monday, May 7, 2018 10:45 AM
> To: Jay Farrell <jay...@jayfar.com>; nanog@nanog.org
> Subject: Re: Catalyst 4500 listening on TCP 6154 on all i

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Curtis, Bruce
On May 7, 2018, at 2:58 PM, Jay Farrell via NANOG > wrote:
> I saw that list, but understood the numbers there to be IDS signature numbers, rather than port numbers. Am I misreading something?
No, you are correct. As Niels Bakker pointed out that is a

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Jay Farrell via NANOG
I saw that list, but understood the numbers there to be IDS signature numbers, rather than port numbers. Am I misreading something?
On Mon, May 7, 2018 at 12:24 PM, Curtis, Bruce wrote:
> Some Cisco devices use 6154 for ypxfrd.
>
> 6154 ypxfrd Portmap Request (Info,

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Stephen Fischer
reading this - just wondering do you use the SmartCall home service? I wonder if that's what is using this. try this:
no service smart-call-home
and see if that disables it... just a thought
On Thu, May 3, 2018 at 12:51 AM, frederic.jut...@sig-telecom.net <

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread frederic.jut...@sig-telecom.net
I've been told that the TAC center will not take the time to answer as it's not a 'real' problem, service affecting issue. And the Cisco community forum on that topic was useless (nobody answered a person who already opened a topic about this issue 10 months ago). But you are the 4rd person to

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Niels Bakker
* bruce.cur...@ndsu.edu (Curtis, Bruce) [Mon 07 May 2018, 18:25 CEST]:
> Some Cisco devices use 6154 for ypxfrd.
No, they don't.
> 6154 ypxfrd Portmap Request (Info, Atomic*) Triggers when a request is made to the portmapper for the YP transfer daemon (ypxfrd) port.

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Curtis, Bruce
Some Cisco devices use 6154 for ypxfrd.
6154 ypxfrd Portmap Request (Info, Atomic*) Triggers when a request is made to the portmapper for the YP transfer daemon (ypxfrd) port.
https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfids.html

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Jay Farrell via NANOG
Just a wild thought – why not open a TAC case with Cisco and ask them?
On Mon, May 7, 2018 at 3:06 AM, frederic.jut...@sig-telecom.net <frederic.jut...@sig-telecom.net> wrote:
> > - a nsa backdoor :-)
>
> it would be a very bad backdoor as it's really easy to see the port listening...
>

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread frederic.jut...@sig-telecom.net
> - a nsa backdoor :-)
it would be a very bad backdoor as it's really easy to see the port listening...
> - a default active service
Maybe, but a service which is not officially registered:
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=6154

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-05 Thread marcel.duregards--- via NANOG
As the zero touch feature is on TCP 4786 (SMI), I vote for either:
- a nsa backdoor :-)
- a default active service
Have you tried to zeroize the config and restart then check if TCP 6154 is still on LISTEN state ?
- Marcel
On 03.05.2018 06:51, frederic.jut...@sig-telecom.net wrote:
> Hi,
>

Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-03 Thread frederic.jut...@sig-telecom.net
Hi,
We have Cat 4500 series on SUP7L-E with IOS/XE 03.06.02.E/152(2).E2 which have TCP port 6154 listening on all interfaces. Any idea what it could be ?
#show tcp brief all
TCB Local Address Foreign Address (state)
...
5A529430 0.0.0.0.6154