I’m in the process of configuring my hAP ax³ running v7.8. As part of hardening, I have disabled unnecessary services and set Available From to my local network addresses. However,
nmap -Pn -p1-65535 router
still shows port
2000/tcp open cisco-sccp
. Is there a way to disable this? Will anything break if it is disabled?
Only way we can do more than a wild guess is if you post your configuration. To export and paste your configuration (and I’m assuming you are using WebFig or Winbox), open a terminal window, and type (without the quotes) “/export hide-sensitive file=any-filename-you-wish”. Then open the files section and right click on the filename you created and select download in order to download the file to your computer. It will be a text file with whatever name you saved to with an extension of .rsc. Suggest you then open the .rsc file in your favorite text editor and redact any sensitive information. Then in your message here, click the code display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.
Document on IP/Services says that ROS uses TCP port 2000 for bandwidth testing service by default.
So you are saying that an IP service is open and not listed under IP Services… so that it can be turned off.
Sounds like an oversight and bug …
Are there other ports open without our ability to turn them off???
/tool bandwidth-server set enabled=no
closes the port.
Many thanks!
Yes, but the default should be closed, unless you enabled it and then the poop is on you LOL.
But seriously all these services should be listed or made more obvious…