 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
Hi all, I have had this on a few instances and I was wondring if anyone can verify if this is something other people have found when scanning PIX's or web servers in the DMZ.. Firstly I scanned using the normal sS routine and ports were found closed. Following that I preceded to scan without pinging the host and the output is below: nmap -P0 XXX.XXX.XXX.XX Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on XXXX (X.X.X.X): (The 1596 ports scanned but not shown below are in state: filtered) Port State Service 389/tcp open ldap 1002/tcp open unknown 1720/tcp open H.323/Q.931 I have confirmed with the rulebase and the none of the ports that are open are defined in the rule base and everything elese is still explictly denied (even though PIX does it by default) by a deny IP rule. Also the majority of fixup protocols have been disbaled (except HTTP, SMTP). Also when I scan web servers behind the firewall with this option it still has the same ports open + HTTP and HTTPS... This is the third time I have had this output when using this no ping host option, so has anyone found the similar outputs? Could this be a common way to commonly identify PIX firewalls? Is there an advisory for this? And are there any workarounds so these ports are not shown on the no ping scan? Regards, Trev --------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ----------------------------------------------------------------------------
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.