General discussion


bootp server port open

By segraves
A security audit of a network I designed found that UDP port 67 is open on two "sets" of routers/switches. The routers are part of redundancy groups, so there is a primary router and switch with an EtherChannel connection to the secondary switch and router. Although "no ip bootp server" is configured on the routers, the port is open on all four devices.

This is true for two locations, with the exact same config/topology working just fine on about 25 other locations.

Since this port is open along the "link" between the two routers, it seems like some sort of session is open, but the only communication between the two routers is HSRP and iBGP.

Any ideas why this could be?


4 total posts (Page 1 of 1)


by wbaltas In reply to bootp server port open

The "no ip bootp server" command should turn this off.

A couple of other commands you can try are:

no boot network
no service pad

One last thought: could the audit have simply said that UDP 67 is being forwarded by your router? If this is the case, an ACL could stop this.

Bill Baltas

by segraves In reply to bootp server port open

It should stop it, but it doesn't. The network is live and I can't just add config at a whim, plus adding an access list to fix something isn't really a good idea.
Any other thoughts?

by wroming In reply to bootp server port open

Well, without turning the feature off or without doing an ACL, you are limiting yourself quite a bit. I would contact Cisco and see if they can offer any other light on the subject matter via e-mail, or you could always call them.

by segraves In reply to bootp server port open

To all interested:
That port is no longer shut down with the "no ip bootp server" command, but rather with the "no service dhcp" command.
It doesn't explain why only two locations came back with "open" status (auditor headspace?), but the problem is solved.
Thanks for the replies.
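The thread's outcome, shown as a Cisco IOS running-config fragment. This is an added example, not configuration posted by anyone in the thread; interface names, the ACL name and the "Router#" prompt are placeholders, and which of the two verification commands your IOS release supports is an assumption to check on the box.

```cisco
! Added example (not from the thread): the setting that left UDP/67 listening,
! beside the setting that closes it. Names below are placeholders.

! --- Before: bootp server disabled, but the DHCP service still owns UDP/67 ---
! "service dhcp" is the IOS default and is normally not printed in running-config,
! so a config review that only greps for "bootp" will not notice it.
service dhcp
no ip bootp server

! --- After: close the listener entirely ---
! Caveat: "no service dhcp" also disables the DHCP relay agent, so confirm no
! interface on this router depends on "ip helper-address" before applying it.
no service dhcp
no ip bootp server

! Verify from the device rather than from an external scan: the UDP socket
! table should no longer list a local port 67 entry.
! Router# show udp             (newer IOS releases)
! Router# show ip sockets      (older IOS releases)

! Alternative for routers that must keep relaying DHCP on other interfaces:
! leave "service dhcp" on and drop inbound bootps on the audited interface only.
ip access-list extended BLOCK-BOOTPS-IN
 deny   udp any any eq bootps
 permit ip any any
interface GigabitEthernet0/0
 ip access-group BLOCK-BOOTPS-IN in
```

The "show udp"/"show ip sockets" step is the check that settles the original question: if the listener is gone on the device itself, a remaining "open" finding from the scanner is a false positive from the audit tool rather than a live service.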
