Firewall Wizards mailing list archives

nmap on the internal interface of a PIX

From: Daniel Monjar <dmonjar () orgtek com>
Date: Tue, 12 Sep 2000 12:52:11 -0400

The latest PIX threads got me poking at mine.  When I run nmap
against the internal interface I see:

[dmonjar@monjard ~]$ nmap 10.155.1.49

Starting nmap V. 2.53 by fyodor () insecure org ( www.insecure.org/nmap/ )
Interesting ports on pix.orgtek.com (10.155.1.49):
(The 1515 ports scanned but not shown below are in state: closed)
Port       State       Service
23/tcp     open        telnet                  
194/tcp    filtered    irc                     
1467/tcp   open        csdmbase                
5631/tcp   filtered    pcanywheredata          
5632/tcp   filtered    pcanywherestat          
6000/tcp   filtered    X11                     
6667/tcp   filtered    irc                     
65301/tcp  filtered    pcanywhere              



I get nervous when I see anything with 'pcanywhere' in the string.
Any idea why they're there?  There are no conduits for those ports
configured and I have a filtering device (PacketShaper from Packeteer)
sitting on the internal interface between the PIX and the network that
excplicits discards pcanywhere stuff.

-- 
Daniel Monjar (mailto:dmonjar () orgtek com)
"Meddle not in the affairs of dragons, 
 for you are crunchy and taste good with ketchup."


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

nmap on the internal interface of a PIX Daniel Monjar (Sep 13)
- Re: nmap on the internal interface of a PIX Robert Collins (Sep 14)
- Re: nmap on the internal interface of a PIX Chris Cappuccio (Sep 14)
  - Message not available
    - Re: nmap on the internal interface of a PIX Daniel Monjar (Sep 16)
  - Re: nmap on the internal interface of a PIX antirez (Sep 16)
- <Possible follow-ups>
- RE: nmap on the internal interface of a PIX Keith Morgan (Sep 14)